Feeds

back to article HTTPS cookie crypto CRUMBLES AGAIN in hands of stats boffins

Fresh cryptographic weaknesses have been found in the technology used by Google and other internet giants to encrypt online shopping, banking and web browsing. The attack, developed by security researchers at Royal Holloway, University of London and University of Illinois at Chicago, targets weaknesses in the ageing but popular …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Don't use RC4.....OR

...just disable/clear cookies

0
1
Silver badge
Headmaster

Is CBC-mode really an "algorithm"?

I'm being picky here, but the paragraph that begins "RC4 was invented by Ron Rivest in 1987..." seems to imply CBC is an encryption "algorithm" like RC4, when it's just a way of using a class of encryption "algorithm" (a block cipher like 3DES or AES) to encode a stream of data.

I've not sent a correction because I can't see a better way to phrase it and I wanted other people's comments on how picky I was being.

1
0
Thumb Up

Re: Is CBC-mode really an "algorithm"?

I'm being picky here, but the paragraph that begins "RC4 was invented by Ron Rivest in 1987..." seems to imply CBC is an encryption "algorithm" like RC4...

Not that picky at all. CBC is not an encryption algorithm, but a way of chaining together successive uses of a block encryption algorithm to encrypt a large body of data -- such things are usually described as "modes of operation".

http://en.wikipedia.org/wiki/Block_cipher_modes_of_operation

3
0
Silver badge

Re: Is CBC-mode really an "algorithm"?

I disagree, CBC is a children's TV channel

2
0
Silver badge
Boffin

Re: Is CBC-mode really an "algorithm"?

Not picky ... CBC's a cipher *mode*. So you get RC4-CBC, AES-CBC and such. Though people should really be doing AES-GCM.

The fun thing is that both RC4 *and* CBC mode should no longer be used. I'd add 3DES to the mix, if only because it's basically DES three times, and DES has been cracked for ages by now...

2
0
Bronze badge
Headmaster

Re: Is CBC-mode really an "algorithm"?

Of course it's an algorithm. It's just not a crypto algorithm.

Anthing that says "do this, then this..." is an algorithm.

The Wiki page you cite starts "In cryptography, modes of operation is the procedure ..."

The wiki page for Algorithm starts "In mathematics and computer science, an algorithm is a step-by-step procedure..."

1
0
Boffin

Should be using AES-GCM anyway IMHO.

Authenticated encryption done properly.

0
0
Bronze badge

The new attack needs a tile with a cool acronym.

You know, like BEAST and CRIME and SODOMY. Something exciting in all capitals in headlines.

Transport Echo, Data Interception, Overloading Unsuitable Security.

How's that?

4
0
This topic is closed for new posts.