Tag Archives: RC4RC4

RC4, CBC, what the …?

March 27, 2013 by Bruce Morton     No Comments

BEAST & Lucky Thirteen attacks said, “Prioritize RC4 cipher suite.” AlFBPPS attack said, “RC4 is old and crummy. CBC-mode would be better.”

RC4 Attack in SSL/TLS

March 19, 2013 by Bruce Morton     1 Comment

The team of Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt published an RC4 encryption attack in SSL/TLS.

Filed Under: Secure Browsing, SSL, SSL Deployment Tagged With: BEAST, CBC, encryption

BEAST and RC4

July 18, 2012 by Bruce Morton     No Comments

In order to mitigate a BEAST attack, the advice is to prioritize RC4 cipher suites on your Web server to avoid the use of vulnerable cypher block chaining (CBC) suites. But how well do the clients support RC4? Ivan Ristić of Qualys did some tests at SSL Labs and saw that only 45 of 48,481 unique [Read More...]