On Tue, 17 Sep 2013 12:15:48 -0400 Jerry Leichter <leich...@lrw.com> wrote: > Actually, I think there is a potentially interesting issue here: > RC4 is faster and requires significantly fewer resources than > modern block ciphers. As a result, people would really like to use > it - and actually they *will* continue to use it even in the face > of the known attacks (which, *so far*, are hardly fatal except in > specialized settings).
If you are dealing with huge numbers of connections, you probably have hardware and AES is plenty fast -- modern Intel hardware accelerates it, too. (If you really want a fast stream cipher, why not use ChaCha20 or something else that is probably much better than RC4? I mean, if you're going to propose changing it, as you do, it won't interoperate anyway, so you can substitute something better.) In any case, I would continue to suggest that the weakest point (except for RC4) is (probably) not going to be your symmetric cipher. It will be protocol flaws and implementation flaws. No point in making the barn out of titanium if you're not going to put a door on it. Perry -- Perry E. Metzger pe...@piermont.com _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography