Cloudflare Writes On The Deprecation Of RC4
The move away from RC4 to AES is a sensible pre-emptive action being taken by those in the industry. Cloudflare recently wrote a blog post detailing their rationale for removing RC4 as a supported cipher for modern browsers using TLS 1.1 or later. I reiterate that RC4 has not been demonstrably broken, but it would appear to be only a matter of time.
Whilst I agree that retiring old or suspect crypto algorithms is a good idea, it has a side effect: it reduces the number of algorithms available for use.
This should not happen, but it does. Whilst new algorithms are being designed fairly regularly, they are, importantly, not being implemented in products, for various reasons.
Thus we are rapidly approaching a monoculture of algorithms, and this is distinctly problematic…
For instance, AES has a NIST / NSA “seal of goodness” (for what little that is worth these days), but no other algorithms do. There are some European NESSIE algorithms, but they don’t get implemented in all products.
Whilst AES is “theoretically secure”, until fairly recently most implementations were not “practically secure”, due to the likes of timing-based side channels (for which I have blamed the NSA for many years preceding the Ed Snowden revelations).
In fact the NSA implicitly make the statement that AES is not “practically secure” for communications systems: although they do have products that use it that are classified for “top secret”, they specifically qualify this as applying only when the “data is at rest”.
Thus to use AES securely you have to encrypt your files on an “air-gapped” computer, then copy the encrypted copies via “sneakernet” or equivalent to another computer used to send them, and the recipient has to do the reverse. All of which is totally impractical for modern usage (think online transactions etc.).
Then there is the issue of what we do when AES is found to no longer be even “theoretically secure”. Whilst I’m not saying “AES is currently theoretically insecure”, the history of crypto indicates that at some point in time it probably will be, as advances in the field of cryptanalysis are made.
Most products have neither alternatives nor a method by which an alternative can be “plugged in” at short notice. Nor do many have a way to chain different orthogonal ciphers together (say Serpent-256 with AES-256) to get improved long-term resilience.
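As an added illustration of the two properties called for above (an algorithm identifier carried with the data so a cipher can be retired or substituted, and a cascade of two unrelated ciphers under independent keys), here is a small Python framework. It is not code from the original post or from Cloudflare. Because the Python standard library has no block cipher, the two “ciphers” are counter-mode keystreams built from HMAC-SHA-256 and HMAC-SHA3-256, standing in for the Serpent-256 / AES-256 pair; the registry, the numeric identifiers and the key-derivation labels are all invented for the example. The points a practitioner should take from it: each layer and the MAC get separately derived keys (a cascade sharing one key buys little), the header that names the algorithms is covered by the MAC so it cannot be edited to downgrade the data to a single or weak layer, the tag check is a constant-time comparison (the timing side channel mentioned earlier), and removing an entry from the registry makes old ciphertexts fail closed rather than silently decrypting with a deprecated cipher.

```python
"""Algorithm-agile cipher cascade (illustrative, not production crypto).

The standard library has no block cipher, so each "cipher" is a
counter-mode keystream from HMAC over a different hash family
(SHA-2 vs SHA-3). They stand in for Serpent-256 / AES-256 here.
"""
import hmac
import os
import struct

# Hypothetical registry of available algorithms: id -> (name, hashlib digest name).
# Deleting an entry is how a deprecated algorithm is retired; ciphertexts that
# depend on it then fail closed in decrypt() instead of decrypting silently.
REGISTRY = {
    1: ("hmac-sha256-ctr", "sha256"),
    2: ("hmac-sha3_256-ctr", "sha3_256"),
}

NONCE_LEN = 16
TAG_LEN = 32


def keystream(hash_name, key, nonce, length):
    """Counter-mode keystream: HMAC_key(nonce || counter) blocks, truncated."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + struct.pack(">Q", counter), hash_name).digest()
        counter += 1
    return bytes(out[:length])


def xor_layer(data, key, nonce, hash_name):
    """One stream-cipher layer. XOR is its own inverse, so this also decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(hash_name, key, nonce, len(data))))


def subkey(master_key, label):
    """Domain-separated subkey. A cascade only adds strength when every layer
    (and the MAC) uses an independent key, so derive one per label."""
    return hmac.new(master_key, b"cascade/" + label, "sha512").digest()[:32]


def encrypt(master_key, plaintext, alg_ids, nonce=None):
    """Encrypt under the cascade alg_ids, e.g. (2, 1) = layer 2 then layer 1.
    The header records the algorithm ids and their order."""
    if not alg_ids or len(alg_ids) != len(set(alg_ids)):
        raise ValueError("cascade must list at least one distinct algorithm")
    for alg_id in alg_ids:
        if alg_id not in REGISTRY:
            raise ValueError("algorithm id %d is not available" % alg_id)
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    header = bytes([len(alg_ids)]) + bytes(alg_ids) + nonce
    data = plaintext
    for alg_id in alg_ids:
        _, hash_name = REGISTRY[alg_id]
        data = xor_layer(data, subkey(master_key, b"layer-%d" % alg_id), nonce, hash_name)
    # MAC covers header and ciphertext: an attacker must not be able to rewrite
    # the header to downgrade the cascade to a single (or a weak) algorithm.
    tag = hmac.new(subkey(master_key, b"mac"), header + data, "sha256").digest()
    return header + data + tag


def decrypt(master_key, blob):
    """Reverse the cascade. Fails closed on tampering, on a wrong key, or on an
    algorithm that has been removed from REGISTRY since the data was written."""
    if len(blob) < 1 or len(blob) < 1 + blob[0] + NONCE_LEN + TAG_LEN:
        raise ValueError("truncated ciphertext")
    n = blob[0]
    alg_ids = list(blob[1:1 + n])
    nonce = blob[1 + n:1 + n + NONCE_LEN]
    header = blob[:1 + n + NONCE_LEN]
    data, tag = blob[len(header):-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(subkey(master_key, b"mac"), header + data, "sha256").digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("authentication failed")
    for alg_id in reversed(alg_ids):
        if alg_id not in REGISTRY:
            raise ValueError("algorithm id %d is no longer supported" % alg_id)
        _, hash_name = REGISTRY[alg_id]
        data = xor_layer(data, subkey(master_key, b"layer-%d" % alg_id), nonce, hash_name)
    return data
```

Usage is `blob = encrypt(key, b"attack at dawn", (2, 1))` followed by `decrypt(key, blob)`; to simulate retiring an algorithm, `del REGISTRY[2]` and observe that decrypting the old blob now raises rather than returning plaintext. The same header-plus-MAC pattern is what lets a deployment add a third algorithm id later without changing the wire format.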
Over many years I have pointed out that NIST really needs to address these issues by publishing “Framework Standards”; however, until recently few have seen the need… and others, for what I suspect are short-term commercial reasons, come out with quite extraordinary reasons for denying there is a problem with what they are currently doing.
However, with the advent of the “Internet of Things”, including implanted medical devices such as pacemakers which will have expected lifetimes of twenty or more years, people really should wake up to the fact that they have an “inbuilt KILL switch” that potentially is going to be open to all to press when the next PhD thesis breaks the only crypto algorithm their pacemaker builds its security on…