|
![](/i/fill.gif) |
On 10/10/2011 06:04 PM, Darren New wrote:
> On 10/10/2011 3:11, Invisible wrote:
>> RC4? Man, how ancient is that? You realise it was a weakness in RC4 that
>> allowed WEP to be broken, right?
>
> No. It was sending the key with each packet of data that allowed WEP to
> be broken.
Technically, it was
1. Restarting the keystream for each packet.
2. Using related keys for each packet.
> A stream cipher is a terrible tool to encrypt a packet-switched network.
Probably. (Personally, I don't like stream ciphers, but anyway...)
>> (Sadly, on further investigation, it appears that TLS 1 still uses RC4 or
>> Triple-DES. So much for HTTPS being secure...)
>
> RC4 hasn't been broken if you don't restart the stream for every packet.
RC4 has weaknesses concerning related keys. Also, the first few KB of
the keystream is quite weak. Also, the keystream has certain statistical
weaknesses. Also...
Wikipedia says something about AES being supported in TLS. But not the
version(s) that everybody actually uses, by the looks of it.
Post a reply to this message
|
![](/i/fill.gif) |