[Cryptography] Encryption opinion
Ben Laurie
ben at links.org
Tue Aug 19 15:58:53 EDT 2014
On 18 August 2014 22:55, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Tom Ritter <tom at ritter.vg> writes:
>
>>None of those sites accepted the SSL handshake. I'm certain that there are
>>still some banks out there that allow weak ciphers, but saying it's the norm
>>does not seem to be correct from my testing.
>
> Uhh, you've misunderstood the point I was trying to make: If you do your
> online banking/eBay buying/whatever and use weak crypto, nothing bad will
> happen... Corollary: ...because there's no need to attack the crypto, there
> are a thousand [1] easier ways to get credit card numbers and whatnot than via
> the crypto. For example https://www.google.com/search?q=fullz+dumps.
What? Nothing bad will happen because you can't do it. You are making
the untestable claim that if you could do it, nothing bad will happen.
This is not science, this is bloviation.
More information about the cryptography
mailing list