IETF takes rifle off wall, grabs RC4 cipher's collar, goes behind shed

RC4 isn't a "bad cipher". It's very simple to implement, very fast, and provided more than adequate security under many reasonable threat models for twenty-odd years. In cryptography, that's very successful.

Re: Pity

True -- not many RFCs come with working source code.

Re: end of the rainbow...?

RC4 is a cipher, not a hashing algorithm.

Re: Well, hell, what's left?

The advantage of DHE based ciphers is forward secrecy* which has got to be a Good Thing™?

* https://en.wikipedia.org/wiki/Forward_secrecy

In fact I wouldn't want to use any Payment/Banking system which didn't support cutting edge security. Unfortunately the PCI requirements are updated so slowly that they are out of date by the time they are published.

My online banking (Barclays) security is a joke. RC4, no forward secrecy, no strict transport security headers, sha1 signatures, no stapling, no TLS fallback prevention, ssl v3 still supported ...

Re: Well, hell, what's left?

DHE and RC4 are unrelated. DHE is a key-exchange mechanism (in effect an asymmetric cipher), while RC4 is a symmetric (secret-key) cipher.

The last time I looked at PCI DSS, they allowed AES for symmetric encryption. There's little reason to use anything else, unless you're paranoid about ciphers endorsed by the US government, in which case you can use Camellia instead; I think it's even allowed by PCI DSS.

What we don't have are any widely-interoperable stream ciphers. That's unfortunate because 1) they're generally faster and less resource-intensive than block ciphers, and 2) they avoid block-cipher vulnerabilities like the ones that gave us BEAST, Lucky13, and POODLE. But the answer to the latter is smarter protocols and better chaining modes (really no reason to use anything other than GCM), and to the former is throwing resources at it.