[Cryptography] Fwd: OPENSSL FREAK
Ryan Carboni
ryacko at gmail.com
Mon Apr 6 12:11:58 EDT 2015
What do you want, he's part of the IETF TLS faction that thinks RC4 is
insecure, because one guy is selectively using math to attack RC4 in a
fashion no one would ever actually attempt.
I'll just reiterate what I previously posted to this mailing list:
http://www.isg.rhul.ac.uk/tls/RC4passwords.pdf
>
> A 2^24 attack is impressive.
>
> Now... let's see... going through a list of 70,000,000 passwords
> log(70,000,000)/log(2)=26 bits.
>
> but many passwords aren't unique, and many are more common than others
>
> and could be cross referenced with other databases of usernames and
> passwords, as well as maybe an automated search of a user's social media
> preference to determine their pets and interests....
>
>
> I think cryptography is suffering from an excessive focus on math.
>
>
But whatever.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20150406/8838257c/attachment.html>
More information about the cryptography
mailing list