[Cryptography] Encryption opinion
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Tue Aug 19 01:55:00 EDT 2014
Tom Ritter <tom at ritter.vg> writes:
>None of those sites accepted the SSL handshake. I'm certain that there are
>still some banks out there that allow weak ciphers, but saying it's the norm
>does not seem to be correct from my testing.
Uhh, you've misunderstood the point I was trying to make: If you do your
online banking/eBay buying/whatever and use weak crypto, nothing bad will
happen... Corollary: ...because there's no need to attack the crypto, there
are a thousand [1] easier ways to get credit card numbers and whatnot than via
the crypto. For example https://www.google.com/search?q=fullz+dumps.
Peter.
[1] Well, some sort of non-small integer anyway.
More information about the cryptography
mailing list