[some_furry]

> Firefox suggests some security concerns in the firefox console on both sites. Especially about how weak is sha1 algorithm. Both sites have a 2048 public cert, the one use TLS1.2 but the other TLS1.0 and one of them have a 128bit private key size. You all understand that from a security point of view, these things arent best practices. Especially if you are a bank !

128 bits for symmetric key ciphers is actually fine. Especially with AES.

TLS1.0 and SHA1 certificates? I'd expect better.

> The second bank has also a cross site javascript script and that’s for sure not a best practice. Again that’s not a security hole. They just pull a javascript from their official web page (although a different url/domain from their web banking).

Yay, watering hole attack vectors.

[marcosdumay]

It's a "128 bits private key", what means it's assymetric. I fully expect it to be an RSA key, but even for ECC that's at least half the size of something that could be considered secure.

[schoen]

TLS uses several algorithms, almost always both asymmetric and symmetric algorithms, in every session. For example, my current connection to HN is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. And that does mean that our underlying session key is 128 bits, independent of the size of HN's public key (which turns out to be 2048 bits).

There is a possible argument that a 128-bit AES key and a 2048-bit RSA key are mismatched, but a 1024-bit RSA key is clearly known to be dangerous now, while the same is not at all true for a 128-bit AES key.

[marcosdumay]

Symmetric encryption does not have the concept of a "private key". A 128 bits private key in TLS can only vary from almost useless (if it's some ECC algorithm) to completely useless (in case it's RSA).

Too bad (but understandable) that the article does not give any detail. About a decade ago, 128 bits RSA keys were widely used (but not recommended anymore), I wouldn't be surprised to discover a bank didn't change their security procedures since then.

[some_furry]

> Symmetric encryption does not have the concept of a "private key".

In the early days of public key cryptography, the NSA referred to it as "non-private key cryptography".

Even today, people often refer to symmetric vs asymmetric and private vs public interchangeably. (Yes, it can cause confusion and you will probably never see professional cryptographers like Bernstein, Green, Lange, Schwabe, Schneier, or Wilcox-O'hearn refer to it that way.)

https://en.wikipedia.org/wiki/Symmetric-key_algorithm#cite_n...

The author had multiple errors; it isn't beyond the limits of intellectual generosity to assume they meant symmetric key instead of private key.

> A 128 bits private key in TLS can only vary from almost useless (if it's some ECC algorithm) to completely useless (in case it's RSA).

128 bit EdDSA would have about the same security as a 64 bit block cipher, which we would consider broken. So I'm in full agreement there.

128 bit RSA? Totally useless.

128 bit AES? Not a concern. Usually you look at the padding, block mode, and authentication instead.

[yuhong]

Yea, more important is the RC4 at the top of the list with nbg.gr.