The reason why Twitter, Google, and other companies went to RC4 is because
of issues with AES. The CBC and known IV attacks permitted BEAST to occur.
RC4 was the safest way out.

Even then, RC4 can be broken. In short, no one on the Internet is running
SSL in a way that cannot be broken. Although, we have to be careful about
use of the word 'broken' here. Broken means: There is a known attack
against the cipher, which, given enough time, may work against your target.

https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what

As an industry, we need to move to AES/GCM and TLS1.2 as soon as possible,
but, for many people, the current level of security is adequate.

-j



On Thu, Jul 25, 2013 at 1:26 PM, Florian Weimer <f...@deneb.enyo.de> wrote:

> > Google also declined to disclose whether it had received requests
> > for encryption keys. But a spokesperson said the company has "never
> > handed over keys" to the government,
>
> Surely they have provided hard disk images containing key material to
> aid government investigations related to themselves or their
> employees?  Certainly, the key material wouldn't be the focus of the
> data sharing in such cases, but saying that it never happened is a bit
> of a stretch.
>
> But this pressure finally explains why Google would prefer ephemeral
> DH (for perfect forward secrecy) with RC4 over AES without it:
>
> <https://www.imperialviolet.org/2011/11/22/forwardsecret.html>
> <https://www.imperialviolet.org/2012/03/02/ieecdhe.html>
>
> This didn't make much sense at the time because it is by far the
> weakest-looking cipher in wide use.  But if Google faced demands to
> disclose the private keys used by their TLS servers to enable passive
> eavesdropping, switching on perfect forward secrecy might counteract
> these demands.
> --
> Too many emails? Unsubscribe, change to digest, or change password by
> emailing moderator at compa...@stanford.edu or changing your settings at
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
>
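The thread above contrasts RC4 with CBC-mode AES, and forward-secret (ephemeral DH) key exchange with plain RSA key exchange. The following script is an added example, not code from either poster: it takes an OpenSSL-style cipher-suite list, reports which suites use RC4, which use a CBC-mode block cipher, and which lack forward secrecy, and orders the list so that forward-secret AEAD suites (AES-GCM, which needs TLS 1.2) come first. The suite names in SAMPLE are constructed for the example, and the scoring in safest_first() is this example's own assumption rather than any published ranking.

```python
# Added example (not from the thread): audit an OpenSSL-style cipher-suite
# list for the properties discussed above: RC4, CBC-mode block ciphers, and
# whether the key exchange is ephemeral (forward secret). The ordering used
# by safest_first() is this example's own assumption, not a standard.

PFS_PREFIXES = ("ECDHE-", "DHE-", "EDH-")   # ephemeral key exchange in OpenSSL names


def classify(suite):
    """Describe one suite by its OpenSSL name (e.g. ECDHE-RSA-AES128-GCM-SHA256)."""
    s = suite.upper()
    pfs = s.startswith(PFS_PREFIXES)
    if "RC4" in s:
        enc = "RC4"      # stream cipher; keystream biases break it given enough traffic
    elif any(tag in s for tag in ("GCM", "CCM", "CHACHA20")):
        enc = "AEAD"     # authenticated encryption; requires TLS 1.2 or later
    elif any(tag in s for tag in ("AES", "CAMELLIA", "DES", "SEED", "IDEA")):
        enc = "CBC"      # block cipher in CBC mode; the class BEAST targeted
    else:
        enc = "OTHER"
    return {"suite": suite, "pfs": pfs, "encryption": enc}


def audit(suites):
    """Return {suite: [findings]} for every suite with at least one weakness."""
    report = {}
    for suite in suites:
        info = classify(suite)
        findings = []
        if info["encryption"] == "RC4":
            findings.append("rc4")
        elif info["encryption"] == "CBC":
            findings.append("cbc")
        elif info["encryption"] == "OTHER":
            findings.append("unrecognised")
        if not info["pfs"]:
            findings.append("no-pfs")
        if findings:
            report[suite] = findings
    return report


def safest_first(suites):
    """Order suites: forward-secret AEAD first, then forward-secret CBC, RC4 last."""
    def score(suite):
        info = classify(suite)
        return (info["encryption"] != "AEAD",
                not info["pfs"],
                info["encryption"] == "RC4")
    return sorted(suites, key=score)


# Constructed sample list mixing the choices mentioned in the thread.
SAMPLE = [
    "RC4-SHA",
    "AES128-SHA",
    "ECDHE-RSA-RC4-SHA",
    "ECDHE-RSA-AES128-SHA",
    "ECDHE-RSA-AES128-GCM-SHA256",
    "DES-CBC3-SHA",
]

if __name__ == "__main__":
    for suite, findings in audit(SAMPLE).items():
        print(f"{suite:32} {', '.join(findings)}")
    print("preferred order:", safest_first(SAMPLE))
```

Running it on SAMPLE flags ECDHE-RSA-RC4-SHA for RC4 only (the trade-off the quoted message describes: forward secrecy, but a weak cipher) and puts ECDHE-RSA-AES128-GCM-SHA256 first, matching the "AES/GCM and TLS 1.2" recommendation above.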