>>  1. That there is a consensus on high quality ciphers: for example right
>> now there are roughly two factions who agree what is the lesser evil: RC4
>> or AES-CBC.
> 
> No, it is now clear that RC4 is the greater evil. The browsers have
> deployed defenses against the "BEAST" attack on CBC (the defense is "1/n-1
> record splitting"), and BEAST is an active attack which can only be used
> in some cases and which tends to leave evidence of the attempt. On the
> other hand, RC4 is apparently vulnerable to passive attacks, which are
> more serious.
> 
> (If I'm wrong and there actually *is* a faction who still prefers RC4
> despite the recent results against it, I'd like to read about it!)

I’m not going to argue ciphers with you because you’re obviously right and I 
already wrote elsewhere that I’m going to fully defer to your judgement here.

To explain where the above came from and why e.g. Qualys is still somewhat for RC4 
as a fallback cipher: to the best of my knowledge[1], Apple’s desktop Safari 
browser ''still'' hasn’t activated record splitting in its latest version and 
is thus still vulnerable to BEAST (and doesn’t support TLS>1).  But that’s 
probably enough of a corner case to ignore in the defaults and will hopefully 
resolve itself in Mavericks.

[1]: Mostly from 
https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what
 and I’m not aware of any changes.