Hi *, On 05/05/2014 11:02 PM, Pavel Kankovsky wrote: > (AlFardan et al. describe a different and possibly somewhat more > efficient > approach to find the maximum-likelihood choice of a plaintext byte.) > > If you capture "just few" connections you do not collect enough > information to distinguish between the correct value and incorrect > values, and no amount of computing power will help you (that is unless > you have got enough to crack the cipher directly) Added to this is the possibility of "nation-state actions" that may have found RC4 cryptanalytic attacks the public cryptography community does not know about. Yes, I do not have sources on that, but it's been suggested by people that viewed the Snowden leaks a couple of times.
I don't really see a reason to keep RC4 in there. I'm totally for removing it. But that's just my opinion. Aaron
-- security mailing list security@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/security
