Hi *,
On 05/05/2014 11:02 PM, Pavel Kankovsky wrote:
(AlFardan et al. describe a different and possibly somewhat more
efficient
approach to find the maximum-likelihood choice of a plaintext byte.)
If you capture "just few" connections you do not collect enough
information to distinguish between the correct value and incorrect
values, and no amount of computing power will help you (that is unless
you have got enough to crack the cipher directly)
Added to this is the possibility
of "nation-state actions" that may have
found RC4 cryptanalytic attacks the public cryptography community does
not know about. Yes, I do not have sources on that, but it's been
suggested by people that viewed the Snowden leaks a couple of times.
I don't really see a reason to keep RC4 in there. I'm totally for
removing it. But that's just my opinion.
Aaron