I use Comcast as my ISP. I frequent the user forums and found this post yesterday: https://forums.xfinity.com/t5/Anti-...bsolete-key-exchange-and-ciphers/td-p/2867508 The dude who created this forum topic is using the Chrome browser to view the source code for the Comcast login page: https://login.comcast.net/ He includes a screen cap of the page and the source code and adds: Found out from Chrome, that (comcast.net login page) is using: 1) an obsolete key exchange (RSA) 2) an obsolete cipher (AES_256_CBC with HMAC-SHA1) Initial research on the Internet, old computer science textbooks and some authorative literature - it appears these 2 parts of Comcast's security put a user's password of being cracked as it is transmitted over the network. Independent of anyone "breaking into" the Comcast server. Can someone have a look at his forum post? I believe he's suggesting the login page of Comcast.net is not secure. Is his point valid? Or, as I suspect (old computer science textbooks and some authorative literature), is he full of ****? If so, can you give me a way to refute his position so that others aren't freaked out by this nonsense? Thank you for any help.
