[Cryptography] RC4 again (actual security, scalability and other discussion)

ianG
Mon Mar 10 15:48:32 EDT 2014

On 10/03/2014 19:21 pm, Dave Horsfall wrote:
> [ Lost original message ]
>> On 10/03/2014 06:36 am, Tom Mitchell wrote:
>>> I only say this because when folk run from something (driven by FUD) 
>>> they tend to herd like lemmings and too many fall off the cliff.
> Not this old chestnut again...  Walt Disney's crew actually drove them off 
> the cliff, OK?  Yes, it was animal cruelty.
> ObOnTopic: If we can't even get this simple historical fact right, then 
> what hope is there for crypto?

Little, seemingly.  As a historical observation, MD5 was long considered
dying, with even demonstrated breaks as far back as 2005.  Yet nobody
much moved, they all grazed on happily.

Until RabbitSSL was sent running off a cliff...

However, when NIST announced that for its government customers, only
2048 bits was considered good enough, they all moved!  Very fast.  Even
the shepherds woke up and started running...  Given that the need was
entirely for one customer for one specious and not-us attack, it is a
surprise that anyone cared .. but *everyone* moved as if this was the
most dire threat to all.

Meanwhile, SHA2 support is still spotty and SHA1 is still in use, even
tho there is a cloud over it.

Herd behaviour.  Call it lemmings if you like.  Observed, and repeat.
What hope is there?


