0
Fortify.net is a service that displays what's the currently encryption key used by your browser in a https connection. If I browse this site with Chrome 4.1.249.1042 in WinXp SP3 the key used is
RC4 cipher, 128-bit key
This encryption is weak, and it's the one used by old browsers like IE6.
Chrome works fine on Fedora9 and it uses
AES cipher, 256-bit key
as more modern browsers do (i.e.Firefox)
I consider this a security issue. I'm considering to switch back to Firefox in Windows.
Do you know if it's possible to change the default encryption key in Chrome?
I consider it a security issue because as I read on Wikipedia RC4 128-bit can be hacked and because AES-256 is considered more secure than RC4. Maybe I'm wrong. .. btw I consider IE9 old already – al nik – 2010-04-02T12:33:04.777
I'm no security expert, but I took the articles I read on RC4/AES to mean that some implementations of RC4 (eg WEP) were very bad and were insecure in real-life, but other implementations are 'secure enough'. Given the scramble to replace WEP when it was discovered that it could be cracked, I would have expected Microsoft to have been forced (by big corporations still using XP) to update the encryption in XP if it could be exploited in real-life.
There was talk a while back about chrome switching to use the firefox encryption libraries, so it is possible things might change. – sgmoore – 2010-04-02T13:57:46.203