On Sat, Nov 02, 2013 at 01:13:02AM +0100, Kurt Roeckx wrote:
> On Fri, Nov 01, 2013 at 11:57:26PM +0000, brian m. carlson wrote:
> > Package: openssl
> > Version: 1.0.1e-4
> > Severity: wishlist
> >
> > RC4 is insecure. It has significant biases in its output, even if you
> > drop the beginning of the keystream. It is considered insecure when
> > used in WEP, in WPA, in TLS, and as a PRNG. Nobody should still be
> > using it, certainly not by default. Please disable it by default in TLS
> > negotiations and wherever else a default list of ciphers is provided.
>
> I don't think this is currently doable. The problem is that
> internet explorer on XP only has 2 ciphers you would want to
> use and that's RC4 or 3DES. And people seem to prefer using
> RC4 over 3DES to talk to it.

Performance reasons. RC4 is, in my own implementation, about 22× faster (242 MiB/s versus 20) in theoretical speed tests, and there's not really a practical way to speed up 3DES in software. I can get *practical* transfers over SSH with aes256-ctr at 20 MiB/s over WiFi.

--
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187