Filter Blogs expand_more
Blog add
Authors add
4 Results for 'RC4'

RC4 Attack in SSL/TLS

By Bruce Morton
March 19, 2013
The team of Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt published an RC4 encryption attack in SSL/TLS. As Matthew Green says, RC4 is old and crummy.

RC4, CBC, what the …?

By Bruce Morton
March 27, 2013
We had the BEAST attack and it was said, “Prioritize RC4 cipher suite.” We had the Lucky Thirteen attack and it was said again, “Prioritize RC4.” We had the AlFBPPS attack and it was said, “RC4 is old and crummy. CBC-mode would be better, if only it wasn’t already attacked by BEAST and Lucky Thirteen.

Building Your Digital DNA: PKI and Cryptographic Disruptors

By Sandra Carielli
October 20, 2016
Researchers have demonstrated several vulnerabilities in MD5. The IETF has prohibited RC4 for use in TLS. More recently, you may have dealt with the impact of SHA-1 being removed as an acceptable algorithm in many standards, including PCI and CAB Forum, according to Entrust Datacard. 

DNS Registrar Vulnerabilities

By Bruce Morton
September 19, 2013
Watchers of the SSL industry follow SSL protocol attacks such as BEAST, CRIME, Lucky 13 and RC4 closely. They also track the rare certification authority (CA) attacks such as Comodo or DigiNotar. But they don’t seem to spend much time following attacks to the domain name registration system (DNS).
Page 1 of 1