An IT blog carried a story about Android’s SSL implementation the other day. The story suggests that at some point around 2010 the default cipher was changed from AES to RC4. Such odd commits that seem to weaken security rather than improve them do occur from time to time, but since the NSA mass surveillance allegations every such instance of these regressions must now be looked at with a critical eye.
Mike the Crypto Goat
Exploring Internet security, crypto and civil liberties.
Mike the Crypto Goat 