[Ach] RC4 ostensibly fully b0rken

Aaron Zauner azet at azet.org
Thu Nov 7 16:15:44 CET 2013

To substantiate that, a quick Google [sic!] search yields a lot of results for different (sometimes TLS unrelated) attacks against RC4.


On 07 Nov 2013, at 16:11, Aaron Zauner <azet at azet.org> wrote:

> Hi,
> Although i’m not exactly sure if there is substantial background to Jakes tweets (maybe he tries to scare people for a good purpose? :)) - I absolutely agree. I’d like to see that publication, but besides, RC4 should not be used to encrypt online communication. IACR papers have long suggested that different attacks might be possible and cryptographers had warned for a long time not to rely on RC4 anymore. Taking into consideration that NSA employs some of the best mathematicians and cryptanalysts out there - and, of course, do not publish their findings - RC4 should have been considered harmful for quite some time.
> Thats basically like saying “ok triple DES has 168 bits, its not brutefoceable in the foreseeable future, so we can still use it” - no you can’t. Bruteforcing is not what we should be afraid of rather proper cryptanalysis, side-channel and timing attacks.
> Windows XP should be considered depreciated!
> Thanks for your input on the matter.
> Aaron
> On 07 Nov 2013, at 15:51, Pepi Zawodsky <pepi.zawodsky at maclemon.at> wrote:
>> According to Jake Appelbaum the NSA has the ability to decrypt RC4 in real time now. (A publication about this should be available soon.) I honestly trust Jake when he just drops a statement like this. RC4 has had its fair share of cryptanalysis. Knowing that RC4 shall now be considered cleartext makes it harder to mitigate BEAST server-side.
>> I guess we have to take the plunge and actually recommend taking XP boxes OFF of the internet for real. We cannot take measures to make “secure” communications with these boxes by server-side configuration without knowingly compromising everyone else. So my take is to drop XP.
>> I'll add more info on the RC4 issues as soon as I get them!
>> Pepi
>> On 07.11.2013, at 00:07, L. Aaron Kaplan <kaplan at cert.at> wrote:
>>> which will break if we do not give them RC4 and similar known-weak settings
