Questions tagged [rc4]

RC4 (Rivest Cipher 4) is a type of stream cipher.

51 questions
2 votes, 0 answers

Should Mozilla SSL3/RC4 whitelisted sites be blacklisted by admins/users?

As of Firefox 39, Mozilla has dropped support for SSL3 and RC4... and whitelisted 519 (!) non-compliant sites: (https://mxr.mozilla.org/mozilla-release/source/security/manager/ssl/src/IntolerantFallbackList.inc), including such juicy ones…
Deer Hunter
2 votes, 1 answer

SSL Mixed Scripting Vulnerabilities and XOR Attacks

Given that RC4 is a stream cipher (I'm pretty sure the details of its inner workings don't matter for the sake of this argument) and the existence of Mixed Scripting / Mixed Display (web applications requesting and retrieving contents both over…
2 votes, 3 answers

Does it make sense to keep RC4?

I know that the RC4 cipher when used with SSL is vulnerable to certain attacks, which in the worst case scenario could result in authentication tokens being stolen. But RC4 is also recommended as a cipher to mitigate the BEAST attack. Is it a better…
Sonny Ordell
2 votes, 0 answers

Decrypting xls file using John The Ripper

I need to open an Excel file and see its contents, which is locked with a password. As I did some research on the internet, I found that the only way was a brute force attack. So I used John the Ripper on Ubuntu, and detected and extracted hash of…
KontrCode
2 votes, 1 answer

SSL - Enabling Forward Secrecy with or without RC4

I'm running an Apache 2 server with Ubuntu 16. Here's my current configuration: SSLProtocol All -SSLv2 -SSLv3 SSLHonorCipherOrder on SSLCipherSuite I'm a bit confused as to what I should use for SSLCipherSuite. I'm taking it from this article…
Edward
2 votes, 2 answers

Can we restrict cipher suites using server certificate?

Can we restrict cipher suites (such as RC4) using server certificate?
msaw
1 vote, 2 answers

Google's usage of RC4

I was reading about Google's usage of RC4 and an answer on stackexchange website stated the following: I know Google uses RC4 for most of its services, and this is the reason one shouldn't keep gmail opened all the time ;-) Is this true? What…
Fingolfin
1 vote, 2 answers

Clients breaking after avoiding RC4-MD5

As per http://projects.webappsec.org/w/page/13246945/Insufficient%20Transport%20Layer%20Protection , we have been recommended to stop using RC4-MD5. The clients supported by our Application are IE 8 and above, Safari 5 and above, Chrome 18 and…
Novice User
1 vote, 1 answer

Way to remove rc4 from Linux Cipher Suites

Running this command resulted in the list of ciphers which support rc4: /usr/bin/openssl ciphers -v | grep -i "rc4" What's the easiest way and how to remove specifically ciphers that support rc4 that I need to execute or where is the…
Infidel
1 vote, 0 answers

How does fake authentication work with no other clients connected to the AP? (aireplay-ng)

I was reading a tutorial about how to hack a WEP network that has no other clients connected to the AP. It says that fake authentication must be used and it appears to work, but I don't understand how the fake authentication works without there…
Lewis Kelsey
1 vote, 2 answers

Why does tls_version "TLS 1.2" from howsmyssl rate "Probably Okay" in Chrome on Windows 10 but "Bad" in IE11 on Windows 7?

I'm implementing an API endpoint based on howsmyssl to check the TLS version of clients then notify those clients about whether or not they passed the test. However, several clients have reported failing the test on our site but passing Salesforce's…
bw-patrick
1 vote, 1 answer

Is an RC4 encryption enough for my personal documents?

In the last few weeks I wrote several proposals to the government, to my professor, etc. I want to make a copy of these filled proposals and save them. Instead of scanning it with my printer, making a PDF document, writing it to a USB stick I want…
adama
1 vote, 1 answer

Network scan for vulnerabilities free tool

I have a huge distributed network with over 1000 servers and network devices. It is a mix of operating systems. I'm looking for some free tool to scan the network for SSL v2, SSL v3, RC4, TLS v1.0 and older. For example https://www.ssllabs.com/ssltest…
1 vote, 1 answer

difference between rc4-40 and rc4 in OpenSSL

I was testing rc4-40 out with a 200-bit key (25 bytes) and, to my surprise, the results were the same as they were with rc4:
neubert
1 vote, 2 answers

Dovecot TLS connection handshake ChangeCipherSpec

I added a virtual domain to our mail server today then did a check of the Dovecot TLS connection security. The test was done from a remote host using Thunderbird. I captured the connection with tcpdump and then passed that to ssldump. I also used…
TrustNoOne