Although the title is sensationalist, it is always good to remember that attacks only get better - some angle might show up that changes this to be practical in some special circumstance. The takeaway here is to plan moving away from RC4, and there is still time to do this in an orderly fashion.
We can stop using RC4<p>http://dl.dropbox.com/u/24257718/cipher_chart.png<p>Virtually all server-side hardware can do AES-NI instructions in hardware now (unless you are using an Atom CPU for SSL connections?) and most non-mobile hardware clients can do AES-NI too for AES-128
Same thing as [1] (4 days ago), for all I can tell?<p>1: https://news.ycombinator.com/item?id=5364807
I've also tried to post a couple of links discussing these attacks in practice, and comparing the risks from BEAST/Lucky 13 to these...<p>* https://news.ycombinator.com/item?id=5367805 - links to a very interesting answer on security stackexchange that puts things into pretty good perspective.<p>* https://news.ycombinator.com/item?id=5368610 - links to an interesting possible browser workaround to these attacks.<p>(disclaimer: I'm the one who posted both the questions on security stackexchange and HN posts. I'm not trying to be a karma whore, just hoping to get some discussion going on around those... both went under the radar)
Does not seem like a big deal to me, because it's unlikely to work outside a lab environment, nor past the first 256 bytes (without a truly massive number of connections at least).<p>And all that work for what - to sniff out your own cookie?<p>I mean, what is this good for, it's not a man-in-the-middle attack, it's not a spoofing attack, etc?<p>*Though it's really good work on the researchers' part, and the author of the article explained it all in an excellent way.
Interesting.. It has more practical application to IMAP or POP3.<p>http://crypto.stackexchange.com/questions/3451/is-rc4-a-problem-for-password-based-authentication
But doesn't this attack only reveal the second byte of the RC4 cipher? If I got it right it is some kind of frequency analysis that doesn't reveal the entire key (cipher), or at least with high probability (higher than 1)..