Welcome to Comcast Help & Support Forums
Find solutions, share knowledge, and get answers from customers and experts

New to the Community? Start here.




online now



Back to Top

Obsolete key exchange and ciphers

Posted by
Frequent Visitor
  • Thank you contributor for your first reply to the community!
 Posting replies is the best way to get involved.
  • Congrats on Posting your first topic!

Member Since: ‎10-14-2016
Posts: 6
Message 1 of 1 (456 Views)

Obsolete key exchange and ciphers

Nice to see that Comcast is real concerned about security.


Found out from Chrome, that https://connect.xfinity.com/appsuite is using:


1) an obsolete key exchange (RSA)

2) an obsolete cipher (AES_256_CBC with HMAC-SHA1)


Initial research on the Internet, old computer science textbooks and some authorative literature - it appears these 2 parts of Comcast's security put a user's password of being cracked as it is transmitted over the network.  Independent of anyone "breaking into" the Comcast server.