[cyphar]

I feel "practical" is too strong of a word here. It's probably a more practical attack than previous attacks, but that doesn't make it practical by a long stretch.

"Only" 75 hours, where you have to force the victim to do make a very large number of encrypted messages. IMO, this wouldn't work when trying to break someone's SSL connection at the local Starbucks.

[dlitz]

> ...but that doesn't make it practical...

If I had a dime for every penny of damage caused when people downplay the practicality of attacks against deployed crypto...

75 hours is enough time to attack a laptop left plugged in at the office over a 3-day weekend, and there's no reason why you'd have to attack only one laptop at a time.

The paper also says, "capturing traffic for 52 hours already proved to be sufficient", so it's not like 75 hours is some hard minimum.

Also:

"Our attack is not limited to decrypting cookies. Any data or information that is repeatedly encrypted can be recovered."

"We can break a WPA-TKIP network within an hour."

RC4 is dead, dead, dead. As with MD5, the writing's been on the wall for a while now, and attacks are only going to get better.

[yuhong]

The attack numbers are under artificially generated network traffic.

[gipsies]

Yes, but we present several techniques on how to generate these amounts of data. For TLS and HTTPS you can use JavaScript. For WPA-TKIP you need control of one TCP connection, and that is enough to generate the data. We're not saying it's a point and click attack, but it's a very good reason to start worrying :)

[ademarre]

"Attacks always get better; they never get worse." – The NSA[1]

[1] http://tools.ietf.org/html/rfc4270#section-6

[derefr]

I feel like we need a richer vocabulary for the security status of given crypto algorithms/implementations. It's great to be conservative and call everything that isn't perfect "broken", but it'd be nice to have an urgency coefficient to know whether "broken" means "someone will exploit this in a few years" or "the government could attack you with a $50mm cluster" or "your machine could be exploited while you're getting coffee" or even "there's a worm in the wild right now that uses this to spread".

[baby]

It's hard to predict how crypto can handle against powerful adversaries or in time.

But if a couple guys can break something in 75 hours, knowing crypto attacks only get better, you can already consider this broken.