Hear Ye! Since 1998.
Please note: This post is at least 3 years old. Links may be broken, information may be out of date, and the views expressed in the post may no longer be held.
13
Aug 01
Mon

Financial Accounts Aggregation

This story has been circulating the office. A part of our team at EDS is responsible for implementing that for the CBA… I don’t know a great deal about cryptography, but one thing I don’t get is when they say all the passwords are stored under one way triple-DES encryption. If that’s true – how do the CBA servers logon to third party financial institution servers to gather information from them? The CBA servers still need to be able to send the decrypted password to other banks’ servers (although re-encrypted via SSL) – for that you’d need two way encryption which means that passwords can be recoverable. Hmmmm…

This post has no comments. Add yours below.

Add a Comment

You must be logged in to post a comment.