On Sat, Nov 02, 2013 at 01:13:02AM +0100, Kurt Roeckx wrote:
> On Fri, Nov 01, 2013 at 11:57:26PM +, brian m. carlson wrote:
> > Package: openssl
> > Version: 1.0.1e-4
> > Severity: wishlist
> >
> > RC4 is insecure. It has significant biases in its output, even if you
> > drop the beginning o
On Fri, Nov 01, 2013 at 11:57:26PM +, brian m. carlson wrote:
> Package: openssl
> Version: 1.0.1e-4
> Severity: wishlist
>
> RC4 is insecure. It has significant biases in its output, even if you
> drop the beginning of the keystream. It is considered insecure when
> used in WEP, in WPA, in
Package: openssl
Version: 1.0.1e-4
Severity: wishlist
RC4 is insecure. It has significant biases in its output, even if you
drop the beginning of the keystream. It is considered insecure when
used in WEP, in WPA, in TLS, and as a PRNG. Nobody should still be
using it, certainly not by default.
3 matches
Mail list logo
