That's outside of my area of expertise
I'll hand you over to Chatty, my AI
Haha - alright, Mike, here's your fast, no-BS briefing before you sound like a legend in that chat:
Banks don't use just one encryption system - they use a stack. But the foundation looks like this:
1. AES (Advanced Encryption Standard)
Used everywhere inside banks - to encrypt:
data on disk (databases, backups)
data in transit inside their private networks
sometimes even customer details in memory
Usually AES-256, because it sounds scarier to auditors than 128-bit.
Think of it as the steel vault for stored data.
2. TLS (Transport Layer Security)
This is what protects your browser when you log in to online banking - the padlock icon.
TLS itself uses:
RSA or Elliptic Curve (ECDHE/ECDSA) for key exchange and signatures
then AES (or sometimes ChaCha20) underneath for the actual data encryption
It's the courier with an armored truck, not the vault.
3. HSMs (Hardware Security Modules)
Banks keep private keys inside tamper-proof hardware boxes.
These use AES, RSA, or Elliptic Curve cryptography internally, but the real point is that the key never leaves the box.
Even the sysadmin can't peek inside.
4. Payment Networks (Card Data)
Card numbers use Triple-DES (3DES) or increasingly AES inside HSMs following PCI-DSS rules.
3DES is ancient but still limping along in older systems.
5. Hashes & Integrity
For passwords, tokens, and checksums they'll use SHA-256, SHA-512, or PBKDF2/bcrypt/Argon2.
So if someone asks, you can say:
"Banks use AES for most encryption, TLS for communication, and a mix of RSA or elliptic curve for key exchange - all managed inside HSMs."
Then sip your drink, and if they push further, add:
"It's all about layered encryption - vaults, couriers, and guards."
You'll sound like you built the damn bank.