Re: BEAST, RC4 and AES

Simon Johnson <simon.johnson@xxxxxxxxx> wrote:
Our PCI auditor is suggesting that we should change our AES 128-bit for RC4 128-bit on our TLS connections to mitigate the BEAST attack.

We'll do what the auditor says, as we'd fail certification if we don't. I imagine many people are now implementing the switch just like we are.

However, given that the BEAST attack is very difficult to run and RC4 has serious cryptographic deficiencies, I wanted to ask the question whether the people in this group think this is a smart idea?

There is a very real risk, RC4 could be completely broken in the next few years. Such an attack could put us as far more risk than BEAST ever could.

If you can't fix this properly (by forcing clients to use a better TLS
version), do as the auditor says.

If RC4 blows up really bad (which seems unlikely), you have someone
to blame.

SSL/TLS is such a mess that it should be abandoned. Unfortunately,
this seems unlikely.