Re: Bug#765512: general: distrust old crypto algos and protocols per default
On Wed, 15 Oct 2014, Christoph Anton Mitterer wrote:
> I see it a bit differently:
> RC4 is broken. Full stop.
> Therefore new versions of clients and servers should per default not
> use/enable/accept it.
Sorry, but I *have* to nitpick here.
RC4 as used by SSL is mostly broken. (A server could reset login
cookies to be invalid after, say, 65536 page loads, so that the
attack cannot be mounted. This would allow the use of RC4 in SSL

RC4 as used by arc4random is not broken, because arc4random (at
least the more sane implementations) has one or several changes
in effect that prevent the issues from RC4 becoming abused.

RC4 as used by WEP is broken. I think this cannot be phrased

RC4 as used by Kerberos has been described to you already.

RC4 (aRC4) is just a stream cipher with some bad properties
that can, mostly, be worked around in the protocol. But if the
protocol does not do that, it’s broken, yes.
[16:04:33] bkix: "veni vidi violini"
[16:04:45] bkix: "I came, saw and botched it" (German: "ich kam, sah und vergeigte", a pun on Geige, violin)...