Microsoft, Cisco: RC4 encryption considered harmful, avoid at all costs Microsoft has urged the Windows world to dump the once trusty but now distrusted RC4 encryption algorithm – and pick something stronger. Cisco has also told its customers to "avoid" the cipher. RC4, developed in 1987, is a popular stream cipher that's often used in HTTPS connections to protect sensitive network traffic from …
I'm no encryption expert, but there certain flaws with this
1) Many of the encryption methods are openly available as open source.
2) Even when a provider "enforces" these conditions, the most I have ever seen is "What country are you from" and "do you agree to export limitations"..
Thats a majorly effective export ban going on there!
And yet, I can download AES, sha-2, RC5 and RC6 as freeware all over the world, hosted all over the world, written by coders all over the world.
I'll stick with that which matters most. The US DoD stopped using sha-1 ages ago, dumped RC4 ages ago and either goes with AES, AES or AES.
The DoD smartcards dropped 1024 bit keys in favor of 2048 bit keys.
I figure that they did it for a good reason, not to simply change shit.
There was also some rumbling about quantum computers in use, though the degree of which what was in use was restricted to circles far more ratified than Snowden had access to.
No, I'll not comment further.
Let's not forget that many countries also have banned import of certain crypto tech. The same reasons why the US controls the export, other countries control the import. Other countries might want to spy on its citizens and strong crypto they can't break makes that harder.
China bans crypto tech import unless you have government certification.
France has this:
"As long as cryptography is only used for authentication and integrity purposes, it can be freely used. The cryptographic key or the nationality of the entities involved in the transaction do not matter. Typical e-business websites fall under this liberalized regime.
For other uses, exportation and importation to or from foreign countries must be either declared (when the other country is a member of the European Union) or requires an explicit authorization (for other countries)."
To be honest, I've never really understood what they mean by "import" and "export" in these things, apart from physical crypto gear. Digital "property" has blurred the lines of when something is entering or leaving your borders.
Plus, you can't control concepts, no matter how egotisitcal a government is. Cryptographic tech is just the implementation of a mathematical concept, which is easily distributable.
At what point does an algorithm give up and decide that what appears to be random noise is in fact random noise ?
The spooks cannot give up.
Because they spy upon everyone they must assume
1. they are being spied upon themselves
2. all measures they use to avoid being spied upon are being used against them
3. new (anti-spy and spy) measures are being developed which must be mitigated against
They spend multi-millions of Dollars/Pounds on self masturbatory fantasies where they play good guy/bad guy and the taxpayer picks up the bill.
There are some seriously disturbed individuals who wield unprecedented powers at the heart of our Governments.
Jacob Appelbaum, a computer security researcher and leading Tor developer, bluntly warned earlier this month: "RC4 is broken in real-time by the NSA – stop using it.
If true, I'd love to be a fly on the wall at the NSA. Love to see the swearing, cursing and gnashing of teeth now that this peephole has been closed.
There'd have to be a contract out on Snowden by now.
They aren't just gently sheparding us toward things that are utterly broken by design?
There are some interesting questions around elliptic curve constants provided by NSA to NIST, for example.
Snowden might not have known it all - very likely he didn't. They do keep some stuff really close, as I found out *when I worked for the NSA myself*. Some things aren't on systems that just a sysadmin with a few social engineered passwords can get to. Some aren't even on internal networks, sneaker-net only, and only the guy with this or that machine knows they have it. Just sayin.
Posting anon for obvious reasons.
Try using www.ssllabs.com/ssltest/, put in a URL, check the protocol and ciphers in list of preference. If your browser and the server can agree on a strong cipher, you're cooking on gas.
C.
> As a web browser user how do I tell if a site is using RC4?
In IE: Right click and select properties: details of the ciphers used is under connection.
In Chrome: click on the padlock on the address bar and click on the connection tab.
In Firefox it is in Tools | Page Info at the bottom of the General tab with more details on the Security tab.
While disabling RC4 is a good idea in theory, in practice it's impossible when running Windows Server boxes that are not 2008+. Windows Server 2003, while still in extended support until July 2015, only supports TLS1.0 which has a small number of ciphers; RC4 is the only cipher it does support that doesn't use CBC, so turning it off isn't an option if you need to run SSL. All the Windows 2003 CBC ciphers are worse than RC4 given how BEAST demonstrated their inherent weakness, and various patches and KB articles released shortly after BEAST resulted in the two RC4 ciphers (TLS_RSA_WITH_RC4_128_MD5 and TLS_RSA_WITH_RC4_128_SHA) being the only two left available. For some companies upgrading all their servers to Windows 2008/2012 right now just isn't a realistic option. If the charts at http://w3techs.com/technologies/details/ws-microsoftiis/all/all represent a realistic spread of IIS versions, then 42% of websites running Windows are on 2003/IIS6 (which represents around 6% of all websites in the survey), which is still a significant number of servers worldwide. Given Microsoft is supporting Windows Server 2003 for almost 2 more years, and that they're urging RC4 to be disabled, where is their announcement about a patch for 2003 to add TLS 1.2 support? After all, this would constitute a security risk, and therefore require a security fix, wouldn't it?
Yes, that is current accepted practice.
But the question is: in light of what we know now, should it be?
I for one am quite tired of the licensing disclaimers that the vendor isn't liable for anything beyond the price of the software if it is found that the software is not fit for purpose. MS and all the rest of the software vendors sell their ware on precisely the claim that it is fit for purpose. When problems in manufacturing are found which are well beyond the capability and licensing restrictions of the software, the manufacturer should be liable and should be expected to produce fixes. Just like GM, Chrysler, Ford, BMW, etc.
I tried online-business.bankofscotland.co.uk and while it got an "A" overall as it used 256-bit AES on modern browsers, it also got this:
"This site supports only older protocol versions, but not the most recent and more secure TLS 1.2"
Looking further, it lacked both 1.1 and 1.2 so no BEAST attack mitigation.
Looking at various UK Internet banking sites most seem to return cipher suites in preferred order with TLS_RSA_WITH_RC4_128_SHA listed first, so that is used even where both the client and server support something stronger. If any banking admins are reading this maybe it is time to change the cipher suite preference order or set no preference order.
A few weeks ago I examined the top 20 or so English-speaking web sites - the overwhelming majority still use RC4 for "high security web connections." The overwhelming majority of financial sites I examined also use RC4.
I don't understand how a browser can claim that a site provides "high security" when it uses RC4. Maybe there's a rule somewhere that makes it difficult/impossible to mark a previously-respected algorithm as being trash.
RC4 has never been as strong as DES, which was discarded over a decade ago.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
