Re: [TLS] I-D Action: draft-ietf-tls-prohibiting-rc4-01.txt

Ryan Carboni <> Wed, 22 October 2014 18:37 UTC


> Well, never is a long time, and it is already somewhat broken, in that
> the bias in at least first 256 bytes of output makes fixed plaintexts
> transmitted repeatedly under varying keys vulnerable to recovery.

Yes, there are obvious issues with RC4's key-schedule. I visit some websites
as much as 2^15 times a year, or 2^(6.5) times a day, mostly forums of
interest. The bias attack at best can break 2^30. Or to put it in better

"The best, known attack against using RC4 with HTTPS involves causing a
browser to transmit many HTTP requests -- each with the same cookie -- and
exploiting known biases in RC4 to build an increasingly precise probability
distribution for each byte in a cookie. However, the attack needs to see on
the order of 10 billion copies of the cookie in order to make a good guess.
This involves the browser sending ~7TB of data. In ideal situations, this
requires nearly three months to complete."

RC4 should be fully deprecated... in 2020.