
The RC4 attacks currently require the client being attacked to make millions of connections to the legitimate server. However, this could be done over a long period of time and the webserver may not even log an error for each attempt.

Under the right circumstances, BEAST can be exploited with a real-time practical number of connections. It was demoed on stage. Those circumstances don't include every browser configuration, but they're not very extraordinary.

Does that answer your question? :-)



The circumstances BEAST relies on involve a rapidly diminishing set of browsers. As I understand it, BEAST is less of a motivator for RC4 than Lucky 13.


Never thought I'd see the day when browsers are patched (against BEAST) faster than servers (Lucky 13).



