[X-Istence]

Impractical or not, this is still showing a possible attack.

Let's say the client leaves their computer on at work over a long weekend ...

The collision attacks against MD5 were at first also claimed to be impractical...

[valarauca1]

rc4 has been cryptographically broken before its specification has been public. Its first reference on usenet was a discussion of how to break it. Which OP's attack is fundamentally the same.

It really shouldn't have been considered a proper cryptographic cypher ever.

[yuhong]

Yea, I like to mention how it was considered a trade secret of RSA Security.