[Cryptography] best practices considered bad term

Ryan Carboni ryacko at gmail.com
Thu Feb 5 15:00:12 EST 2015


On Wed, Feb 4, 2015 at 3:18 PM, Tony Arcieri <bascule at gmail.com> wrote:

>
> On Wed, Feb 4, 2015 at 2:51 PM, Ryan Carboni <ryacko at gmail.com> wrote:
>
>> RC4 apparently is too weak, and they think somehow the NSA might improve
>> on a statistical attack? Their logic is as nonsensical as attributing
>> godlike powers to the NSA and thinking the NSA has improved upon adding two
>> num
>>
>
> Both Dan Bernstein and Kenny Patterson, two of the people who worked on
> one of the statistical attacks against RC4, have suggested that their
> attack can be further refined to require fewer ciphertexts.
>
>> I don't even know how packets are arranged when web pages are sent. I do
>> know it comes as multiple packets, but it is possible to distinguish
>> between which packet contains the cookie and which packet does not?
>>
>
> Cookies are located in the HTTP header at the beginning of the request.
>
> The setup for a practical attack against RC4 is similar to BEAST, CRIME,
> BREACH, or POODLE: the attacker has a privileged network position that lets
> them passively MitM the victim, and gets the victim to load a malicious
> script which makes many, many requests.
>
> If the attacker is driving the victim's browser, they know exactly when
> requests start and end.
>
>

That's even less feasible. Most computers have, at best, one megabit upload,
which is further reduced by 5x assuming 2% dropped packets.

Besides, RC4 is less secure than desirable. There is no practical break.

This math obsession is probably what led the NSA to issue SHA-384 and
SHA-224 as standards... to provide mathematically comparable security, as
opposed to practical security.