Hi all,
I was reading this interesting topic about homebanking & security. Since that topic was locked, I decided to open this, here, at the Technical chat subforum.
My question is: the bank I use for home banking uses RC4 128 bits. Is that safe enough currently in your opinions? Should I contact the bank and ask them to harden online banking security?
Another question I have: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts? Or shouldn't I ever let Pale Moon remember this?
Thanks in advance!
[SOLVED] Online banking & security
Last edited by KNTRO on 2015-01-22, 20:14, edited 1 time in total.
Re: Online banking & security
KNTRO wrote: the bank I use for home banking uses RC4 128 bits. Is that safe enough
The attacks discussed are not very easy to pull off, but your bank should upgrade to something better as soon as possible.
KNTRO wrote: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts?
You may use a dedicated password manager or use a master password in Pale Moon for this purpose.
Re: Online banking & security
Thanks, squarefractal.
I'm gonna definitely contact my bank. Hope they care about this.
Best regards.
Re: [SOLVED] Online banking & security
Actually, an attack on RC4 numeric bias is extremely difficult to pull off, especially since the type of attack needed would immediately red-flag any server operator for the sheer number of attempted SSL connections.
RC4 is considered "cryptographically weak" because of this known vulnerability, but not broken. Of course using a stronger protocol and cipher is recommended, especially for banking, but it's not an immediate disaster (yet) if RC4 is in use.
"Sometimes, the best way to get what you want is to be a good person." -- Louis Rossmann
"Seek wisdom, not knowledge. Knowledge is of the past; wisdom is of the future." -- Native American proverb
"Linux makes everything difficult." -- Lyceus Anubite
Re: [SOLVED] Online banking & security
KNTRO wrote: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts? Or shouldn't I ever let Pale Moon remember this?
Personally I always use "private browsing" to access my bank stuff (it is virtually the only case I do it).
This had a bit of an unfortunate side-effect since I recently moved to a larger screen, and want to use larger fonts (minimum font size set not to "none"), and apparently my bank site gets poorly formatted using larger fonts. NoSquint add-on can remember zoom per-site but of course not for private browsing. So far I manually revert to zoom 100%.
The reasonable man adapts himself to the world: the unreasonable one persists in trying to adapt the world to himself. Therefore all progress depends on the unreasonable man. (G.B. Shaw)
Re: [SOLVED] Online banking & security
Moonchild wrote: Actually, an attack on RC4 numeric bias is extremely difficult to pull off, especially since the type of attack needed would immediately red-flag any server operator for the sheer number of attempted SSL connections. RC4 is considered "cryptographically weak" because of this known vulnerability, but not broken. Of course using a stronger protocol and cipher is recommended, especially for banking, but it's not an immediate disaster (yet) if RC4 is in use.
Thank you a lot for this brief explanation, Moonchild!
The thing is that this is extremely sensible for a bank, especially when other banks here are already using TLS 1.2 256 bits AES encryption. Because, once this RC4 is broken, there's no turning back, and all banks' admin webmasters are going to run crazy trying to patch what they've not done before. And, geez, we hope the website will still be online and stable!
Lucio Chiappetti wrote: Personally I always use "private browsing" to access my bank stuff (it is virtually the only case I do it). KNTRO wrote: Should I let Pale Moon remember my credentials for home banking, just like I allow it for other web accounts? Or shouldn't I ever let Pale Moon remember this?
Mmm… That's not a bad idea! I usually do homebanking in a regular Pale Moon session but without letting the web browser remember anything I enter in forms. But I like the concept of using a private browsing session to access the bank's service.
Thanks for that tip, Lucio! I'm gonna try it out!
Best to you both!