Re[3]: [Exim] OT: TLS encryption strength

Top Page
Delete this message
Reply to this message
Author: Richard Welty
Date:  
To: exim-users
Subject: Re[3]: [Exim] OT: TLS encryption strength
On Mon, 10 Mar 2003 09:16:20 +0000 Giuliano Gavazzi <eximlists@???> wrote:
> I was just concerned about password protection. I hope RC4
> vulnerability still requires a pretty determined person and that the
> tools to break it do not come shrink-wrapped off the shelves.


for an extremely short transaction, there's not much text to attack.

i don't recall the details of the RC4 vulnerabilities off hand, except in
the context of WEP, where numerous design issues got botched, massively
weakening the crypto.

if you can get it to do 3DES, you're better off, but i'd not get panicky
about RC4 in this context.

richard
--
Richard Welty                                         rwelty@???
Averill Park Networking                                         518-573-7592
              Unix, Linux, IP Network Engineering, Security