Reply to post: So much hype, so little risk assessment.

Sensitive Virgin Media web pages still stuck on weak crypto software

Paul Moore

So much hype, so little risk assessment.

None of the standard, stable-build UAs currently block requests to an RC4-only site... so there's no issue there. If you run a bleeding-edge build of any browser, you're opening yourself up to far greater risks... something which vendors will actually tell you. To subsequently criticise a site for "unnecessary security risks" is bordering on comical.

Attacks against RC4 are still incredibly difficult, requiring 2^26 sessions encrypting the same data with different keys... that's over 67 million requests! If you're logging in 67 million times, you probably have more serious issues.

Yes, RC4 is broken. VM are aware of it and working towards a solution, but all this "think of the children" FUD is helping nobody.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021