7

Now that the BEAST is public knowledge, TLS 1.0 is NOT safe to use (nor is SSL 3.0). I have seen reports that the RC4 cipher is unaffected (and is widely supported). Is that true?

I know that TLS 1.1 is immune. But out of the 1,000,000 most popular SSL/TLS enabled websites, only a few (221) support TLS 1.1 or higher.

The exploit is restricted to browsers because it requires JavaScript or Browser Plugins via MITM. PayPal.com is vulnerable, as of this writing.

Improve this question
3
  • 1
    RC4 may be safe from that exploit. But last I heard RC4 had many problems of its own. Also, I cannot find anywhere that says that BEAST is "public knowledge". Its existence is, but that is very different than the exploit itself being public knowledge. Granted we will need a solution soon, but it sounds like TLS 1.1 and 1.2 are not vulnerable to the BEAST and seem like a much better solution than using RC4. Disclaimer, I am no expert, just piping in cause I am curious.
    – Jason Dean
    Sep 24, 2011 at 3:53
  • I didn't down vote. Just so you know. I appreciated your answer. Did you delete it? Here is an interesting post I found about BEAST and Chrome. In the article it points out that Google's servers have preferred RC4 for a long time. I found that encouraging.
    – Jason Dean
    Sep 24, 2011 at 4:56
  • Yep, RC4 wasn't bad, WEP was (which uses RC4). So much bad is from the flawed designers ideas about what it 'safe' with a particular cipher. Hopefully TLS 1.2 gets it right.
    – unixman83
    Sep 24, 2011 at 18:22
5

Correct; RC4 is a stream cipher, and is not affected.

The flaw is in CBC message construction, so the ciphers using CBC (there's a bunch, but AES and 3DES are the most popular) are all affected.

Improve this answer
3

Not the answer you're looking for? Browse other questions tagged or ask your own question.