Don't use RC4.....OR
...just disable/clear cookies
Fresh cryptographic weaknesses have been found in the technology used by Google and other internet giants to encrypt online shopping, banking and web browsing. The attack, developed by security researchers at Royal Holloway, University of London and University of Illinois at Chicago, targets weaknesses in the ageing but …
I'm being picky here, but the paragraph that begins "RC4 was invented by Ron Rivest in 1987..." seems to imply CBC is an encryption "algorithm" like RC4, when it's just a way of using a class of encryption "algorithm" (a block cipher like 3DES or AES) to encode a stream of data.
I've not sent a correction because I can't see a better way to phrase it and I wanted other people's comments on how picky I was being.
I'm being picky here, but the paragraph that begins "RC4 was invented by Ron Rivest in 1987..." seems to imply CBC is an encryption "algorithm" like RC4...
Not that picky at all. CBC is not an encryption algorithm, but a way of chaining together successive uses of a block encryption algorithm to encrypt a large body of data -- such things are usually described as "modes of operation".
Of course it's an algorithm. It's just not a crypto algorithm.
Anthing that says "do this, then this..." is an algorithm.
The Wiki page you cite starts "In cryptography, modes of operation is the procedure ..."
The wiki page for Algorithm starts "In mathematics and computer science, an algorithm is a step-by-step procedure..."
Not picky ... CBC's a cipher *mode*. So you get RC4-CBC, AES-CBC and such. Though people should really be doing AES-GCM.
The fun thing is that both RC4 *and* CBC mode should no longer be used. I'd add 3DES to the mix, if only because it's basically DES three times, and DES has been cracked for ages by now...
Biting the hand that feeds IT © 1998–2021