Backward compatibility bites again (like RC4 in WPA2)

coderman coderman at gmail.com
Tue Mar 3 13:48:28 PST 2015


On 2/4/15, coderman <coderman at gmail.com> wrote:
> ...
> 2015, RC4 still in WPA2, WPA2 still in everything, ... [0].

not RC4 specifically, but EXP-RC4-MD5 is the avenue:

"The export-grade RSA ciphers are the remains of a 1980s-vintage
effort to weaken cryptography so that intelligence agencies would be
able to monitor. This was done badly. So badly, that while the
policies were ultimately scrapped, they’re still hurting us today."
 - http://blog.cryptographyengineering.com/2015/03/attack-of-week-freak-or-factoring-nsa.html

RC4, still hurting us today, too!




More information about the cypherpunks mailing list