[Pkg-openssl-devel] Bug#728504: Bug#728504: libssl1.0.0: please disable RC4 by default

brian m. carlson sandals at crustytoothpaste.net
Sat Nov 2 01:47:00 UTC 2013


On Sat, Nov 02, 2013 at 01:13:02AM +0100, Kurt Roeckx wrote:
> On Fri, Nov 01, 2013 at 11:57:26PM +0000, brian m. carlson wrote:
> > Package: openssl
> > Version: 1.0.1e-4
> > Severity: wishlist
> > 
> > RC4 is insecure.  It has significant biases in its output, even if you
> > drop the beginning of the keystream.  It is considered insecure when
> > used in WEP, in WPA, in TLS, and as a PRNG.  Nobody should still be
> > using it, certainly not by default.  Please disable it by default in TLS
> > negotiations and wherever else a default list of ciphers is provided.
> 
> I don't think this is currently doable.  The problem is that
> internet explorer on XP only has 2 ciphers you would want to
> use and that's RC4 or 3DES.  And people seem to prefer using
> RC4 over 3DES to talk to it.

Performance reasons.  RC4 is, in my own implementation, about 22× faster
(242 MiB/s versus 20) in theoretical speed tests, and there's not really
a practical way to speed up 3DES in software.  I can get *practical*
transfers over SSH with aes256-ctr at 20 MiB/s over WiFi.

-- 
brian m. carlson / brian with sandals: Houston, Texas, US
+1 832 623 2791 | http://www.crustytoothpaste.net/~bmc | My opinion only
OpenPGP: RSA v4 4096b: 88AC E9B2 9196 305B A994 7552 F1BA 225C 0223 B187
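
An added illustration, not part of the original message or of OpenSSL: the output bias mentioned in the bug report can be measured directly. This sketch implements RC4 and counts how often the second keystream byte is zero across many random 128-bit keys; the known result is roughly twice the uniform rate of 1/256. It covers only this early-keystream bias, not the later-keystream biases the report also refers to. The function names, trial count and seed are choices made for this example.

```python
import random

def rc4_keystream(key, n):
    """Return the first n RC4 keystream bytes for the given key."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def second_byte_histogram(trials, seed=1):
    """Histogram of the second keystream byte over `trials` random keys.

    Keys come from a seeded PRNG so the run is repeatable (constructed
    sample input, not real traffic).
    """
    rng = random.Random(seed)
    counts = [0] * 256
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        counts[rc4_keystream(key, 2)[1]] += 1
    return counts

def bias_ratio(counts, value=0):
    """Observed frequency of `value` relative to a uniform 1/256."""
    return counts[value] / (sum(counts) / 256)

if __name__ == "__main__":
    hist = second_byte_histogram(40000)
    print("P(Z2 = 0x00) relative to uniform: %.2f" % bias_ratio(hist, 0))
    print("P(Z2 = 0x01) relative to uniform: %.2f" % bias_ratio(hist, 1))
```

A cipher with uniform output would give a ratio near 1.0 for every byte value; here only the zero byte stands out.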