[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: alleged attack on TLS

From: Chris Palmer
Subject: Re: alleged attack on TLS
Date: Wed, 21 Sep 2011 11:06:02 -0700

On Wed, Sep 21, 2011 at 10:50 AM, Nikos Mavrogiannopoulos
<address@hidden> wrote:

> Unfortunately RC4 is the weakest cipher in TLS. Although no attacks are
> known for RC4 in TLS, I don't know if switching to it is a real solution.

Well, we know AES-CBC has at least the one weakness (although BEAST's
applicability to real attack scenarios may be arguable).

Anyway, Google uses RC4 for performance reasons, and it's by no means
the weak link in the chain. As long as it's not something blatantly
broken like RC4-40, the cipher suite is never the weak link in the

"These days, though, you have to be pretty technical before you can
even aspire to crudeness." — William Gibson

reply via email to

[Prev in Thread] Current Thread [Next in Thread]