[userbinator]

The keys they used were only 128 bits, whereas RC4 actually supports up to 2048 bits. I wonder how much that affects their results. (AFAIK the 128 bits is an export restriction thing, upgraded from the previous trivially-breakable 40 bits.)

Also, 16 characters seems awfully short for a cookie, especially one meant for authentication purposes.

[xyzzy123]

I don't think SSL/TLS allow key lengths > 128 bits with RC4. Export is 40 or 56 bits. You can see most supported ciphers here: https://www.openssl.org/docs/apps/ciphers.html

e.g:

    TLS_RSA_WITH_RC4_128_MD5                RC4-MD5
    TLS_RSA_WITH_RC4_128_SHA                RC4-SHA
    TLS_ECDH_RSA_WITH_RC4_128_SHA           ECDH-RSA-RC4-SHA
    TLS_ECDH_ECDSA_WITH_RC4_128_SHA         ECDH-ECDSA-RC4-SHA

[yuhong]

AFAIK one description of RC4 always expand the key to a 256 byte array by repeating the key. It would be interesting to run keystream bias tests against this full array.