POV-Ray: Newsgroups: povray.off-topic: BIGNUMs for Andrew: Re: BIGNUMs for Andrew

POV-Ray : Newsgroups : povray.off-topic : BIGNUMs for Andrew : Re: BIGNUMs for Andrew		Server Time 4 Sep 2024 19:22:22 EDT (-0400)

From: Invisible
Date: 18 Jan 2010 05:55:09
Message: <4b543e0d$1@news.povray.org>

>> I just visited a random website that uses HTTPS, and it seems all the
>> certificates are RSA 2,048 bits. Which is interesting, because the
>> encryption itself is just RC4 (128 bits). And this is "high-grade
>> encryption"??
> 
> The purpose of the https is mainly authentication.

It proves you're giving your credit card details to the right company.

...and it's supposed to prevent anybody listening in from stealing the 
data in transit. So, yes, the encryption part is supposed to actually work!

> Encryption using RC4 is weak anyway, and unpublished (STO: bad!)

Unpublished, but never the less leaked and therefore widely known and 
analysed. As to how weak it is... well, it wouldn't be my first choice.

Interesting that Firefox refers to it as "high-grade encryption". 
(Presumably because it's 128-bit RC4 and not the 40-bit RC4 that USA 
export software used to have to use. That stuff really *is* weak!)

> RC4 is just quick enough to not bother too much a server.

Probably.

> the 128 bits of the RC4 key are used to generate a pseudo-random bit
> sequence, and applying the output to XOR.

This is the definition of "stream cipher", yes. Lots of ciphers work 
this way.

> It might stop your child from eavesdropping, but that pretty all.

It certainly isn't *trivially* breakable by any means. But sure, it 
isn't the cipher I'd choose.

> For instance, it is used in Wep (wifi)... and wep-keybreaker are everywhere.

WEP is broken due to the simplistic way keys are handled, not due to RC4 
itself as such.

Post a reply to this message