[throwaway507]

Are you sure about that? This attack requires a js exec in browser to generate lots of traffic containing the cookie. It's a little impractical to use in a SIGINT capacity. My bet is still on precalculated DH like logjam attack.

Still the quote from @ioerror is: "RC4 is broken in real time" so that's either hyperbole or there is an attack better than 75 hours still out there.

[netheril96]

NSA has been ahead of the state of art in cryptography, as the past has shown. So perhaps they already have an even more practical attack on RC4 for a long time.

[dadrian]

I'd also lean toward Logjam, but I'm biased. :)