On Mon, 10 Mar 2003 09:16:20 +0000 Giuliano Gavazzi <eximlists@???> wrote:
> I was just concerned about password protection. I hope RC4
> vulnerability still requires a pretty determined person and that the
> tools to break it do not come shrink-wrapped off the shelves.
for an extremely short transaction, there's not much text to attack.
i don't recall the details of the RC4 vulnerabilities off hand, except in
the context of WEP, where numerous design issues got botched, massively
weakening the crypto.
if you can get it to do 3DES, you're better off, but i'd not get panicky
about RC4 in this context.
richard
--
Richard Welty rwelty@???
Averill Park Networking 518-573-7592
Unix, Linux, IP Network Engineering, Security
