Security/Server Side TLS: Difference between revisions

m (Undo revision 1062195: kEDH+AESGCM is not a typo. Please submit changes to talk page first.)
Line 830: Line 830:


=== RC4 weaknesses ===
=== RC4 weaknesses ===
As of February 2015, the IETF explicitely prohibits the use of RC4: [[http://www.ietf.org/rfc/rfc7465.txt RFC 7465]].


It has been proven that RC4 biases in the first 256 bytes of a cipherstream can be used to recover encrypted text. If the same data is encrypted a very large number of times, then an attacker can apply statistical analysis to the results and recover the encrypted text. While hard to perform, this attack shows that it is time to remove RC4 from the list of trusted ciphers.
It has been proven that RC4 biases in the first 256 bytes of a cipherstream can be used to recover encrypted text. If the same data is encrypted a very large number of times, then an attacker can apply statistical analysis to the results and recover the encrypted text. While hard to perform, this attack shows that it is time to remove RC4 from the list of trusted ciphers.
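Review bot: The added line under "RC4 weaknesses" wraps an external URL in double brackets, `[[http://www.ietf.org/rfc/rfc7465.txt RFC 7465]]`. MediaWiki external links take single brackets, so this renders with stray brackets around the link; suggest `[http://www.ietf.org/rfc/rfc7465.txt RFC 7465]`. The same line misspells "explicitly" as "explicitely". The unchanged paragraph that follows still concludes only that "it is time to remove RC4 from the list of trusted ciphers", which now reads weaker than the prohibition stated above it; consider rewording that sentence so the section takes one position.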