Batu69 Posted September 2, 2015 Share Posted September 2, 2015 Bye bye, Rivest Cipher 4, it was fun while it lastedBy the end of February 2016, you'll have seen the last of RC4 encryption in browsers like Chrome, Firefox, Internet Explorer, and Edge, their parent companies have announced. The once mighty RC4 encryption algorithm, used in popular Web technologies like WEP, WPA, SSH, TLS/SSL, RDP, PDF, Kerberos, SASL, Skype, and BitTorrent, has seen its glory days come and go. With security experts slashing it to pieces in their research papers and hackers using its exposed flaws to mount their attacks, RC4's popularity decreased so much that the creators of the TLS protocol, the Internet Engineering Task Force (IETF), outright prohibited its usage within TLS anymore. Things turned even uglier for RC4 yesterday, when, in a series of inter-connected announcements, three of the five major browser makers announced that they plan to remove RC4 support from future versions of their products altogether, practically twisting the knife that was already left in RC4's back by the IETF announcement. RC4 support will be removed by late February 2016 So, starting with the early part of 2016, browser makers like Mozilla, Microsoft and Google will drop RC4 support from Firefox, Internet Explorer, Edge, and Chrome. In a detailed timeline, Mozilla has announced it intends to disable RC4 starting with Firefox 44, which is officially scheduled for release on January 26, 2016. This is no big deal since its internal data shows that only 0,08% of its userbase were currently using it, RC4 being partly disabled since Firefox 37. The Chrome team, on the other hand, didn't provide an exact date or version, but they committed to removing RC4 support in the Stable channel around January or February 2016. While these two announcements came buried deep in Google Grup talk pages, Microsoft downright announced it on its official blog, saying that "Starting in early 2016, the RC4 cipher will be disabled by-default and will not be used during TLS fallback negotiations." This announcement will affect both browsers of the company, IE and Edge. Source Link to comment Share on other sites More sharing options...
SPECTRUM Posted September 2, 2015 Share Posted September 2, 2015 it should be removed right now, not in 2016. same with SSL 3.0 and 2.0. Link to comment Share on other sites More sharing options...
Administrator DKT27 Posted September 3, 2015 Administrator Share Posted September 3, 2015 it should be removed right now, not in 2016.same with SSL 3.0 and 2.0.Agreed.RC4, relatively, is as good as WEP, so not sure why it's not removed already. Encryption is something I am not expertized in, but from what I know, AES is already used and is far better than others. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.