[SOLVED] Online banking & security

Post by KNTRO » 2015-01-20, 12:17

Hi all,

I was reading this interesting topic about homebanking & security. Since that topic was locked, I decided to open this, here, at the Technical chat subforum.

My question is: the bank I use for home banking uses RC4 128 bits. Is that safe enough currently in your opinions? Should I contact the bank and ask them to harden online banking security?

Another question I have: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts? Or shouldn't I ever let Pale Moon remember this?

Thanks in advance!
Last edited by KNTRO on 2015-01-22, 20:14, edited 1 time in total.

Re: Online banking & security

Post by squarefractal » 2015-01-20, 13:36

KNTRO wrote: the bank I use for home banking uses RC4 128 bits. Is that safe enough
The attacks discussed are not very easy to pull off, but your bank should upgrade to something better as soon as possible.

KNTRO wrote: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts?
You may use a dedicated password manager or use a master password in Pale Moon for this purpose.

Re: Online banking & security

Post by KNTRO » 2015-01-22, 20:12

Thanks, squarefractal.

I'm gonna definitely contact my bank. Hope they care about this.

Best regards.

Re: [SOLVED] Online banking & security

Post by Moonchild » 2015-01-22, 20:35

Actually, an attack on RC4 numeric bias is extremely difficult to pull off, especially since the type of attack needed would immediately red-flag any server operator for the sheer number of attempted SSL connections ;)

RC4 is considered "cryptographically weak" because of this known vulnerability, but not broken. Of course using a stronger protocol and cipher is recommended, especially for banking, but it's not an immediate disaster (yet) if RC4 is in use.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite

Re: [SOLVED] Online banking & security

Post by Lucio Chiappetti » 2015-01-23, 10:27

KNTRO wrote: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts? Or shouldn't I ever let Pale Moon remember this?
Personally I always use "private browsing" to access my bank stuff (it is virtually the only case I do it).

This had a bit of an unfortunate side-effect since I recently moved to a larger screen, and want to use larger fonts (minimum font size set not to "none"), and apparently my bank site gets poorly formatted using larger fonts. NoSquint add-on can remember zoom per-site but of course not for private browsing. So far I manually revert to zoom 100%.
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)

Re: [SOLVED] Online banking & security

Post by KNTRO » 2015-01-27, 08:10

Moonchild wrote:Actually, an attack on RC4 numeric bias is extremely difficult to pull off, especially since the type of attack needed would immediately red-flag any server operator for the sheer number of attempted SSL connections ;)

RC4 is considered "cryptographically weak" because of this known vulnerability, but not broken. Of course using a stronger protocol and cipher is recommended, especially for banking, but it's not an immediate disaster (yet) if RC4 is in use.
Thank you a lot for this brief explanation, Moonchild!

The thing is that this is extremely sensitive for a bank, especially when other banks here are already using TLS 1.2 256 bits AES encryption. :thumbup: Because, once this RC4 is broken, there's no turning back, and all banks' admin webmasters are going to run crazy trying to patch what they've not done before. And, geez, we hope the website will still be online and stable! :|

Lucio Chiappetti wrote:
KNTRO wrote: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts? Or shouldn't I ever let Pale Moon remember this?
Personally I always use "private browsing" to access my bank stuff (it is virtually the only case I do it).

Mmm… That's not a bad idea! I usually do my home banking in a regular Pale Moon session but without letting the web browser remember anything I enter in forms. But I like the concept of using a private browsing session to access the bank's service.

Thanks for that tip, Lucio! I'm gonna try it out! :clap:

Best to you both!
