HTTPS is NOT broken (RC4 is)

Here we go again:

The answer is firmly: NO.

What the articles really mean is

HTTPS using RC4 is weak, but we have known that for years. Some research has found a particular good way of breaking RC4, so it is worse than ever. Please use a widely available stronger symmetric algorithm.

But I guess that does not make a good headline, so I guess we have to live with the hype.


One thought on “HTTPS is NOT broken (RC4 is)

  1. You’re right, of course; it must have been a slow news day.

    Cryptographers are naturally a very conservative lot, and RC4 has had warning bells rung over its use since (um…) around 2005, when Ron Rivest announced that, given a snippet of <200 bytes from an RC4 stream, he could confidently identify it as being RC4. This makes it distinguishable from whitenoise, even without getting to choose the plaintext, which means it fails one of the important strength-checks of a Feistel cipher – and its fate should have been sealed right around then. Like many other things, though, it takes bits of the world a while to catch on…


Comments are closed.