Communication from broker to terminal encryption/security

New comment
 

Hi there.

I was browsing around and from https://www.metatrader5.com/en/terminal/help/start_advanced/security I found that the communication from the terminal on my PC to the broker is encrypted using a 128-bit SSL encryption. I really hope that this is outdated information, since 128 bit keys are outdated a long time ago and SSL has been broken more than ten years ago. Does anybody have more info on this?

And also you apparently can upgrade to "Extended Authentication" (https://www.metatrader5.com/en/terminal/help/start_advanced/extended_authorization) and generate your own certificate. A little bit further down however you see that it uses the RSA-SHA1 algorithm which was also already broken twenty years ago. Am I misunderstanding something here or can any newbie hacker decrypt what I send to my broker via the terminal?

Cheers, tandoori

Security System - For Advanced Users - Getting Started - MetaTrader 5 Help
Security System - For Advanced Users - Getting Started - MetaTrader 5 Help
  • www.metatrader5.com
Particular attention is paid to the security of the trading platform. The following measures are undertaken to provide secure operation: Data...
 
tandoori_mql:

Hi there.

I was browsing around and from https://www.metatrader5.com/en/terminal/help/start_advanced/security I found that the communication from the terminal on my PC to the broker is encrypted using a 128-bit SSL encryption. I really hope that this is outdated information, since 128 bit keys are outdated a long time ago and SSL has been broken more than ten years ago. Does anybody have more info on this?

And also you apparently can upgrade to "Extended Authentication" (https://www.metatrader5.com/en/terminal/help/start_advanced/extended_authorization) and generate your own certificate. A little bit further down however you see that it uses the RSA-SHA1 algorithm which was also already broken twenty years ago. Am I misunderstanding something here or can any newbie hacker decrypt what I send to my broker via the terminal?

Cheers, tandoori

Are you really big enough financially for someone to bother doing all that?
 
tandoori_mql:

Hi there.

I was browsing around and from https://www.metatrader5.com/en/terminal/help/start_advanced/security I found that the communication from the terminal on my PC to the broker is encrypted using a 128-bit SSL encryption. I really hope that this is outdated information, since 128 bit keys are outdated a long time ago and SSL has been broken more than ten years ago. Does anybody have more info on this?

It's not true that 128 bit keys are outdated, what matters is the protocol used (must be TLS and not SSL). 128 bit AES key is still very commonly used and recommended, and can not be broken.

After checking it appears TLS 1.2 is used.

 
Alain Verleyen #:

It's not true that 128 bit keys are outdated, what matters is the protocol used (must be TLS and not SSL). 128 bit AES key is still very commonly used and recommended, and can not be broken.

After checking it appears TLS 1.2 is used.

Hey, thanks for the reply.


After checking I can confirm that 128 is still widely used. How did you find out about TLS 1.2.?


Cheers, tandoori

New comment