[Cryptography] Encryption opinion

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue Aug 19 01:55:00 EDT 2014


Tom Ritter <tom at ritter.vg> writes:

>None of those sites accepted the SSL handshake.  I'm certain that there are
>still some banks out there that allow weak ciphers, but saying it's the norm
>does not seem to be correct from my testing.

Uhh, you've misunderstood the point I was trying to make: If you do your
online banking/eBay buying/whatever and use weak crypto, nothing bad will
happen...  Corollary: ...because there's no need to attack the crypto, there
are a thousand [1] easier ways to get credit card numbers and whatnot than via
the crypto.  For example https://www.google.com/search?q=fullz+dumps.

Peter.

[1] Well, some sort of non-small integer anyway.


More information about the cryptography mailing list