 |
|
|
|
|
|
| |
| |
|
|
|
|
| |
| |
|
|
>> I just visited a random website that uses HTTPS, and it seems all the
>> certificates are RSA 2,048 bits. Which is interesting, because the
>> encryption itself is just RC4 (128 bits). And this is "high-grade
>> encryption"??
>
> The purpose of the https is mainly authentication.
It proves you're giving your credit card details to the right company.
...and it's supposed to prevent anybody listening in from stealing the
data in transit. So, yes, the encryption part is supposed to actually work!
> Encryption using RC4 is weak anyway, and unpublished (STO: bad!)
Unpublished, but never the less leaked and therefore widely known and
analysed. As to how weak it is... well, it wouldn't be my first choice.
Interesting that Firefox refers to it as "high-grade encryption".
(Presumably because it's 128-bit RC4 and not the 40-bit RC4 that USA
export software used to have to use. That stuff really *is* weak!)
> RC4 is just quick enough to not bother too much a server.
Probably.
> the 128 bits of the RC4 key are used to generate a pseudo-random bit
> sequence, and applying the output to XOR.
This is the definition of "stream cipher", yes. Lots of ciphers work
this way.
> It might stop your child from eavesdropping, but that pretty all.
It certainly isn't *trivially* breakable by any means. But sure, it
isn't the cipher I'd choose.
> For instance, it is used in Wep (wifi)... and wep-keybreaker are everywhere.
WEP is broken due to the simplistic way keys are handled, not due to RC4
itself as such.
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Invisible <voi### [at] dev null> wrote:
> I just visited a random website that uses HTTPS, and it seems all the
> certificates are RSA 2,048 bits. Which is interesting, because the
> encryption itself is just RC4 (128 bits). And this is "high-grade
> encryption"??
Number of bits between different encryption algorithms is not comparable.
For example AES-256 is currently thought to be unbreakable while RSA-512
is not, even though the latter uses twice as many bits.
--
- Warp
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Warp wrote:
> Invisible <voi### [at] devnull> wrote:
>> I just visited a random website that uses HTTPS, and it seems all the
>> certificates are RSA 2,048 bits. Which is interesting, because the
>> encryption itself is just RC4 (128 bits). And this is "high-grade
>> encryption"??
>
> Number of bits between different encryption algorithms is not comparable.
Most particularly, asymmetric algorithms such as RSA typically require
far more bits than do symmetric algorithms such as RC4. But sure, it
also varies by individual cipher of course.
My point was that 128 bits isn't much for *any* symmetric cipher. So
calling this "high-grade encryption" is somewhat misleading.
2,048 bits for the RSA cipher, OTOH, should be safe for a while yet...
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
| |
|
|
Le_Forgeron wrote:
> For instance, it is used in Wep (wifi)... and wep-keybreaker are everywhere.
Not because RC4 is easy to break, tho, but because RC4 is a stream cypher
being used to encrypt multiple small unordered packets from multiple
sources, so most of the key winds up being put into every packet.
RC4 used as a stream cypher is much stronger than RC4 used as a block cypher.
--
Darren New, San Diego CA, USA (PST)
Forget "focus follows mouse." When do
I get "focus follows gaze"?
Post a reply to this message
|
|
| |
| |
|
|
|
|
| |
|
|
