Quote:
Originally Posted by mykalberta
Depends.
If someone really wanted to they would setup a temp account at the bank and log on and compare the packets to the ones captured then it probably wouldnt take that much time - a month or 2 maybe.
Its likely that the headers and packet ends for the username and password are the same for both accounts, thats all you need and then break it from there. You dont need the rest of the information. Also the username can likely be broke by social engineering the user so that just leaves the password.
Its by no means easy, but by no means will take as long as you suggest. Most users, even IT persons use passwords of 10 digits or under can be broke by a dedicated host box if you have a confirmed sample of the data in under 800 hours. This is also assuming that none the leg work has been done and published by anyone else.
|
all the packets are encrypted with a decent encryption (192-bit TDES at min, 256 AES at max) so if you can break that in a month or 2 please tell me how because you have just broken some of the most sophisticated encryption schemes in the world.
As for passwords yes it is fairly easy to beak them for most people. For account numbers most of the time is it just your account number/card number.