View Single Post
  #1   (View Single Post)  
Old 15th March 2013
J65nko J65nko is offline
Administrator
 
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,128
Default Another crypto-attack on SSL/TLS encryption

From http://h-online.com/-1823227

Quote:
SSL/TLS is the foundation of secure internet connections, with RC4, designed by Ron Rivest in 1987, often used for encryption. Researchers have now come up with an attack against the algorithm that can decrypt at least the beginning of a secure transmission. The attack is still mostly theoretical, but it clearly demonstrates that there are some issues that need to be solved.

A huge number of servers use RC4, including Google, Facebook, and Microsoft's web servers. The method has a number of advantages – it's very fast, which means that it's easier for servers to handle, and it's not vulnerable to some of the recent attacks on SSL/TLS like BEAST and Lucky13 and has therefore often been recommended as an alternative. At the same time, however, RC4 is old and has its fair share of problems.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote