[Cryptography] paranoid cryptoplumbing is a probably not defending the weakest point

Perry E. Metzger perry at piermont.com
Tue Sep 17 12:28:40 EDT 2013

On Tue, 17 Sep 2013 12:15:48 -0400 Jerry Leichter <leichter at lrw.com>
> Actually, I think there is a potentially interesting issue here:
> RC4 is faster and requires significantly fewer resources than
> modern block ciphers.  As a result, people would really like to use
> it - and actually they *will* continue to use it even in the face
> of the known attacks (which, *so far*, are hardly fatal except in
> specialized settings).

If you are dealing with huge numbers of connections, you probably have
hardware and AES is plenty fast -- modern Intel hardware accelerates
it, too.

(If you really want a fast stream cipher, why not use ChaCha20 or
something else that is probably much better than RC4? I mean, if
you're going to propose changing it, as you do, it won't interoperate
anyway, so you can substitute something better.)

In any case, I would continue to suggest that the weakest point
(except for RC4) is (probably) not going to be your symmetric cipher.
It will be protocol flaws and implementation flaws. No point in
making the barn out of titanium if you're not going to put a door on

Perry E. Metzger		perry at piermont.com

More information about the cryptography mailing list