Encryption breaks
36_chambers
March 27th, 2002, 05:19 AM
If someone is sending info such as a credit card number across the internet that has been encrypted to the fullest, is there a way to break it quickly and how? Explain if you can, I'm trying to learn (I'm not going to do it, just trying to be safe). And also once you are in a secure site, is there any chance to monitor info coming in and out to possibly decrypt it without being noticed? Holla
Dome
March 27th, 2002, 05:39 AM
Well I'm not much for encryption, but I think almost any encryption can be broken with time..... but then again most of these people don't have a lot of time.
Overall, if u are putting your CC into a secure server I believe it's safe :)
darkes
March 27th, 2002, 06:59 AM
The standard encryption algorithm used is pretty secure - it almost certainly doesn't meet military (DoD) standards, but the chances of you or I breaking it without access to a supercomputer are remote. And yes, you may be able to log some encrypted data, but this won't be of any use unless you have some inside information.
The real weaknesses are that your PC may be compromised (are you absolutely sure you have never had any key logging software running on your PC?), or that the so-called 'secure server' has leaked your data.
There have been a few cases recently (e.g. AOL) where CC information on the server has been made available to other people, almost certainly with the assistance of employees of the company.
CC info is not really that secret - in the UK if you hire a decent private detective they can obtain CC info, credit ratings, criminal records, copies of birth certificates etc. etc.
My view is that sending CC info over the net is no more risky than giving CC details over the phone, or using your card in a store/restaurant etc.
s0nIc
March 27th, 2002, 07:44 AM
hmm two things..
Packet Sniffer and Decrypting
U sniff out the packets and decrypt them.. but it doesn't sound as simple as it seems..
ASA
March 27th, 2002, 01:12 PM
s0nIc, I wonder if you have ever tried sniffing an SSL connection :/
As darkes says, if your computer had been compromised before and a keylogger (key-stroke logger) was installed you might have problems.
There's a funny example of that in the book "Hacking Exposed" (1st edition) on page 155. I'll write it below; this is a screen shot taken from a keylogger:
Dear Jim,
The password for the bank vault is "opensesame." I will send you this message via our secure, encrypted modem so that no one will ever learn such an important piece of information. Encryption is foolproof!
Sincerely,
John
heheehe
darkes
March 27th, 2002, 03:48 PM
Just to elaborate on my previous post.
If you want to try and break an encrypted message then you would need to go through these steps.
1. Find out how the message is encrypted (easy for most private & commercial systems, but almost impossible for more sensitive systems)
2. Research/analyse it from a mathematical point of view - just because you are using a complicated algorithm does not mean that there is not a back door to reverse the process.
3. Look for human weaknesses, e.g. computers involved, people etc.
In today's world, 1. is a given for most private & commercial systems, and most of 2. is in the public domain. Speaking as someone with a maths degree I would be extremely surprised if there was any way of easily breaking PGP, for example.
3. is where the opportunity lies - key logging software being the easy option today, but more subtle approaches can work.
To give a classic example, some of the German traffic (ENIGMA) during WWII was broken because the operators sent out the same information at the start of every message. This information was used to drastically reduce the number of keys to search for by brute force.
Noia
March 27th, 2002, 05:33 PM
ANY encryption can be broken using different Frequency equations and Junk filters.....
This method has been used for over 2000 years ........but it was really slow then.....now...it's slower.... :(
Without a really REALLY powerful comp, there is little to NO chance that u'll be able to crack an encryption without knowing what encryption it is and maybe some more inside info.....
As said earlier, Compromisation is the most dangerous......
aww well......good luck....
- Noia
darkes
March 27th, 2002, 11:52 PM
There is one method of encryption that cannot be broken - the 'one time pad'.
This uses a very simple algorithm which effectively just transposes letters in the original message to something else, which has been used for the last few hundred years.
It depends entirely on the fact that both parties have access to the one time pad - by definition, it is only used once, and then destroyed.
If the one time pad is random (using pages from a book as a one time pad for example is not random), then it is impossible to decrypt, unless you obtain copies of the one time pad itself.
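The one-time pad from the post above, as an added example that is not part of the original thread: it uses byte-wise XOR (an assumption; the post describes a letter-based scheme) to show that a ciphertext fits any same-length message when the pad is unknown, and what leaks if a pad is used twice. The messages and the `PadBook` helper are constructed for illustration.

```python
import secrets


class PadBook:
    """Shared pad material; each byte is handed out once and then destroyed."""

    def __init__(self, size: int):
        # secrets draws from the OS CSPRNG; book pages or random.Random would not do.
        self._pad = bytearray(secrets.token_bytes(size))

    def take(self, n: int) -> bytes:
        if n > len(self._pad):
            raise ValueError("pad exhausted: never wrap around or reuse")
        chunk = bytes(self._pad[:n])
        del self._pad[:n]  # used pad bytes are gone for good
        return chunk

    def remaining(self) -> int:
        return len(self._pad)


def otp_xor(data: bytes, pad: bytes) -> bytes:
    """Encrypt or decrypt: XOR every byte with the matching pad byte."""
    if len(pad) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(d ^ p for d, p in zip(data, pad))


def pad_that_explains(ciphertext: bytes, candidate: bytes) -> bytes:
    """The pad under which `ciphertext` would decrypt to `candidate`."""
    return otp_xor(ciphertext, candidate)


def demo() -> dict:
    m1, m2 = b"MEET AT NOON", b"MEET AT DAWN"  # constructed messages
    pad = PadBook(64).take(len(m1))
    c1 = otp_xor(m1, pad)
    # Without the pad, c1 fits any 12-byte message equally well.
    decoy = b"STAY AT HOME"
    decoy_pad = pad_that_explains(c1, decoy)
    # Misuse: the same pad encrypts a second message.
    c2 = otp_xor(m2, pad)
    leak = otp_xor(c1, c2)  # pad cancels: equals m1 XOR m2
    return {"roundtrip": otp_xor(c1, pad) == m1,
            "decoy_fits": otp_xor(c1, decoy_pad) == decoy,
            "leak": leak,
            "leak_is_m1_xor_m2": leak == otp_xor(m1, m2)}


if __name__ == "__main__":
    print(demo())
```

The zero bytes in `leak` mark the positions where the two messages are identical, which is why the pad has to be destroyed after one use.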
Ouroboros
March 28th, 2002, 01:26 AM
Credit Card numbers...as you well know, are usually secured by 128-bit SSL encryption...which is a public-key type of encryption, meaning that YOU type the info into your computer, it is then encrypted WITH THE PUBLIC KEY (while still in your computer via a plug-in, or via a median server/host network)...then sent to the receiving server/network and decrypted using a DIFFERENT (the private) KEY. Two keys, one for encryption, one for decryption...and can't be interchanged. I am unaware of the reverse engineering capacity for 128-bit keys, but I imagine that it would take a huge amount of processing power to do it, if possible.
In order to acquire a key that is relative to the info you seek...you would have to do illegal things...(keyloggers, invasive packet sniffers, pass crackers, etc...)...and really none of those deal with the actual decryption of the encryption protocol...just a way to remotely break into and use the proper software to do it for you...
As far as the security of 128-bit encryption vs. the more primitive kinds goes, I'll quote an article by Dick Archer...
"40-bit key: the same as sending a letter in a plain, white envelope;
56-bit key: the same as sending a letter in a security envelope that is printed to prevent the contents from showing through;
128-bit key: the same as sending a letter in a lead-lined, 12-inch thick titanium safe transported by an armored tank with a convoy of a hundred armed guards"
A 128-bit key is approximately 309 septillion times larger than a 40-bit key...therefore that much harder to break...
The gov. uses 1024-bit keys for the 'red-button' type of transmissions as far as I know...
Ouroboros
36_chambers
March 29th, 2002, 06:11 AM
For Ouroboros, has anybody in history been able to break a 1024 bit encryption? Holla
cwk9
March 29th, 2002, 06:47 AM
The key is to catch the data in its unencrypted state.
wildfreeze87
March 29th, 2002, 07:50 AM
to break an encryption u need a good decoder and I am not talking about some program that hacks in and tries to find a crack hole. I am talking about a program that tries to match all numbers 0-9 and all the letters of the alphabet in upper and lower case form. very much like putting a 10 000 piece puzzle together it might be long but it might work. another thing is u MUST be in a secure server. and u will need 10 or more firewalls all different types or get 2 1000 bit firewalls so u don't get burnt. I know that it is very very hard to get but keep looking!!!
ac1dsp3ctrum
March 29th, 2002, 11:47 AM
Actually it's like putting together a 295,147,905,179,352,825,856 piece puzzle (correct me if I counted wrong... I used a standard 16-number cc# which might be encrypted with 1024bit)
And wildfreeze, can you please not post fully in purple, glowing text... It's worse on the eyes than CAPS ;)
darkes
March 30th, 2002, 09:02 AM
To come back to the original question about encryption security using a normal browser (IE, Netscape, Opera etc.), SSL is the protocol that is used as Ouroboros pointed out. SSL itself is not tied to a specific encryption algorithm - it just defines how two computers will talk to each other using encrypted data and sits on top of TCP/IP, and includes things such as exchanging certificates (digital signatures), and ways to prevent spoofing of data i.e. inserting a bogus packet into the data stream. Incidentally, this means that packet sniffing an SSL link will only give encrypted data, as all the TCP/IP packets contain encrypted data.
In practice, all normal browsers use a 128 bit RSA algorithm, but if you really wanted to there is nothing to stop you setting up an SSL link that used some sort of 1024 bit security.
As ever, a search on google for say, "SSL algorithm" will give details of how this all works - if you follow some of the links they will take you into details of known weaknesses, and the maths behind it all. The weaknesses are not really significant for you or I, as you would still need vast computing power to crack the 128 bit algorithm by brute force - it only really becomes possible if you have something else to go on e.g. you can make a good guess as to how one of the (private) keys was generated. Switching to a 1024 bit algorithm won't help much if there is still a weakness in the way that the key(s) are generated.
This would reduce your 295,147,905,179,352,825,856 puzzle to something more manageable - to continue the analogy, you would still be trying to fit the same number of pieces together, but you would start off with a fuzzy picture as to what the completed puzzle should look