Re: alleged attack on TLS

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: alleged attack on TLS

From:	Chris Palmer
Subject:	Re: alleged attack on TLS
Date:	Wed, 21 Sep 2011 11:06:02 -0700

On Wed, Sep 21, 2011 at 10:50 AM, Nikos Mavrogiannopoulos
<address@hidden> wrote:

> Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are
> known for RC4 in TLS, I don't know if switching to it is a real solution.

Well, we know AES-CBC has at least the one weakness (although BEAST's
applicability to real attack scenarios may be arguable).

Anyway, Google uses RC4 for performance reasons, and it's by no means
the weak link in the chain. As long as it's not something blatantly
broken like RC4-40, the cipher suite is never the weak link in the
chain...

-- 
"These days, though, you have to be pretty technical before you can
even aspire to crudeness." — William Gibson

[Prev in Thread]

Current Thread

[Next in Thread]

alleged attack on TLS, Nikos Mavrogiannopoulos, 2011/09/21
- Re: alleged attack on TLS, Chris Palmer, 2011/09/21
  - Re: alleged attack on TLS, Nikos Mavrogiannopoulos, 2011/09/21
    - Re: alleged attack on TLS, Chris Palmer <=

Prev by Date: Re: alleged attack on TLS
Next by Date: [sr #107806] Build failure for gnutls >= 3.0.1 under Mac OS X
Previous by thread: Re: alleged attack on TLS
Next by thread: compilation error
Index(es):
- Date
- Thread