Quote:
Originally Posted by Chroma
RE: Secure banking.
...
Ok so maybe im scaremongeing and just a touch sarcastic and upon rereading it, I seem to descend entirely into paranoid drivel and sheer tinfoil hattery.
But the simple fact is that monitoring SSL and https isnt nessisary to gain some seriously sensitive information on a person that could be used to his or her detriment.
|
Excellent
But I think you've missed that Man In The Middle can and does know what encrypted data was transferred to your machine when you went to your bank's login page. That page is (if it's like my bank's) full of "we is teh secure" logos + the usual corporate graphic identity crap. That's a damn good start to cracking an SSL session key which is why people who know worry about MITM attacks. The best way to crack any kind of crypto is to have an example of what the answer was. Every session may be "unique" (within the limits of finite integers) but if you have that level of access to a version of the answer then maybe it wouldn't be that hard. History shows that, very often.
Pick two places in the world where I would go to get some serious maths (of the crypto kind) done...
My bank told me to contact my ISP if I had any privacy concerns. My credit card company didn't even bother to respond to my secure message. Not naming any names but
let's just say I think that Smile and Egg are a bit thick when it comes to stuff like this.
Dave