Reply to post: Nationwide

El Reg assesses crypto of UK banks: Who gets to wear the dunce cap?

Duncan Macdonald Silver badge


Looking at the detailed report - AES 256 encryption is used with everything that supports it (the significant exceptions were Android 2.3.7 and IE8 on XP which no sensible person should be using for online banking). TLS 1.3 is not supported but as the draft was only published in April 2017 this is not surprising. Diffie-Hellman key exchange was not used with any of the simulated browsers (RSA was used instead) so the fact that the server supports the DH key exchange does not have much impact on security.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019