[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: alleged attack on TLS
From: |
Chris Palmer |
Subject: |
Re: alleged attack on TLS |
Date: |
Wed, 21 Sep 2011 11:06:02 -0700 |
On Wed, Sep 21, 2011 at 10:50 AM, Nikos Mavrogiannopoulos
<address@hidden> wrote:
> Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are
> known for RC4 in TLS, I don't know if switching to it is a real solution.
Well, we know AES-CBC has at least the one weakness (although BEAST's
applicability to real attack scenarios may be arguable).
Anyway, Google uses RC4 for performance reasons, and it's by no means
the weak link in the chain. As long as it's not something blatantly
broken like RC4-40, the cipher suite is never the weak link in the
chain...
--
"These days, though, you have to be pretty technical before you can
even aspire to crudeness." — William Gibson