Encryption Oddity?

Should it bother me that my email is encrypted with 256-bit encryption (AES-256) while my online banking is encrypted with 128-bit encryption (RC4-128)? You’d think you’d want your bank to have greater encryption than your email. Or is it that Google is better at this game than my bank is?

One Reply to “Encryption Oddity?”

  1. I wouldn’t worry too much, in fact, I don’t (but my bank does use 256-bit encryption). Your online banking probably also uses sessions, which expire as soon as you close your browser. Essentially–to compromise your bank info, someone would need to do what’s called a man-in-the-middle attack on your IP before you connect to the bank. In theory, that alone should prevent the security certificate from giving you an accurate session certificate and not allow the connection to continue. But if the theory is incorrect and someone does do a successful man-in-the-middle attack while you are connected to your bank, they would have to keep and re-assemble all the packets they captured, then decrypt them with the original security certificate. That would take way too long to be worthwhile. Besides, anyone with those skills has bigger targets on their mind than Joe Blow’s personal bank account. Those kinds of people are probably more interested in hacking a bank directly and stealing databases of millions of credit card numbers.

    Frankly, it’s easier to steal a new box of checks out of your mailbox than to access your account info that way. Or better yet–obtain your address and social security number (which will let them look up your date-of-birth) and call the bank pretending to be you. That’s what I’d be worried about. It is too easy to obtain an address, social security number, and date-of-birth; and most businesses will accept that you are who you say you are with just that information.

    cheers.
