[Ach] Ciphers

Kurt Roeckx kurt at roeckx.be
Tue Dec 31 15:24:42 CET 2013

On Tue, Dec 31, 2013 at 03:04:24PM +0100, René Pfeiffer wrote:
> On Dec 31, 2013 at 1458 +0100, Aaron Zauner appeared and said:
> > 
> > On 31 Dec 2013, at 14:24, Ralf Schlatterbeck <rsc at runtux.com> wrote:
> > > Maybe we should keep the title of the document in mind: "Better Crypto"
> > > -- there ain't no better crypto with Windows XP. Sad but true fact.
> > 
> > I agree. We cannot make everyone 100% compatible or happy. I'm against
> > RC4 in there. Even more now that cryptologists like DJB suggest that NSA
> > had a "breakthough" with RC4 a couple of years ago already. Attacks are
> > well known in literature since the mid-90ies too.
> Plus if there's a ,,breakthough" with RC4, there's probably a ,,breakthough"
> with Windows XP security, too.

So I've been looking for statistics, but I can't seem to find a
place that really has the stats I want.  And depending on who you
ask you also get widely different answers.  Windows XP users would
be somewhere between 10% and 25%.  But the only problematic part
would be those using internet explorer.  The best guess I can find
for that is 10% of all users use internet explorer on windows XP.
And I'm not sure I want to keep 10% of my users away.  But this will
most likely totally depend on the area, some will see more, some
see less.

So the choise is between not having those users, RC4 and 3DES.  And
I would go for 3DES in that case.


More information about the Ach mailing list