by tptacek
4626 days ago
It's not that simple. Yes, the installed base is going to keep TLS 1.0 and the legacy SSL block cipher construction in deployment for a long time. Yes, smart people (among them AGL) have said that the RC4 attack is less practical than the M-t-E timing attack on the SSL CBC ciphers. (By the way, it would be great if we could start putting the blame on M-t-E instead of CBC; the vulnerability isn't in CBC per se. CBC is fine; M-t-E is proven not to be.) But:

* The timing attack also has remediations (see AGL's famous NSS patch) which don't change the protocol.

* The timing attack is fundamentally unlikely to get more powerful; it's exploiting a very simple, well-understood problem.

* Work on exploiting the RC4 attack is in its infancy, and there are multiple ways the attack could get both fundamentally more powerful and more efficiently implemented.

* There are no software-only fixes to the RC4 problem that don't break the protocol; RC4 is fundamentally and irrevocably broken.