Coffeehouse Post

Single Post Permalink

View Thread: Man-in-the-Middle attack
  • User profile image

    The only way banks could *try* to enforce that there is no MITM, is by shipping/physically handing out some sort of USB device where the access to the bank information was en/decrypted

    Or they could just send you their pubic key. All of the major problems with SSL and MitM are all to do with the public key distribution mechanism of SSL, not to do with the encryption part.

    but unless that device plugs between your keyboard and the computer, it would still be quite vulnerable for sniffing (they should just hand out a custom smartphone when you open account). I know one bank which requires users to install Java runtime (while experts have for years complained that it's full of exploits, requiring additional measures to attempt to secure it if you have to install it) that they use to run a custom en/decryption at the client computer. This is much better than using the Windows API's which are easily sniffed but the fact they made it with Java makes it stink since most users won't know or bother even the most basic level of securing JRE once installed (namely, turning it off for everything but the bank that needs it or installing it in a VM).

    None of those things affect the encryption between you and the bank. If your machine has malware on it, it can impersonate you. That's the tragic thing about viruses. 

    When it comes to real security, you need a way for the system to inform that an attacker is studying it. If the security system is not "obscurity based" then there's likely less need to study it in order to break it and you may not get any warning before the attack takes place. This and ability to isolate the system during the reverse engineering phase, is what makes even the most "sophisticated" security systems worth nothing. The only good security is the kind that the attacker cannot study without getting noticed and there has to be reason to study and that's why I prefer security by obscurity in addition to the "mathematically sound security", which really is only secure if you assume the attacker is some empty pockets thief that can't afford hundred thousand custom designed chips (or cloud compute time) to crack your stuff.

    If your attacker can afford hundreds of thousands of custom designed chips to "crack your stuff", they aren't after your bank account details, because they already have enough money.

    Also, I see that argument a lot from people who build their own encryption because "obscurity is necessary". Nine times out of ten the encryption can be broken on the back of an envelope.

    Use RSA/AES. It's better, it's more secure, and there's people who know what they're doing accrediting it as secure.