RC4 broken – implications for NoMachine?

Forums / General Discussions / RC4 broken – implications for NoMachine?

  • This topic has 1 reply, 2 voices, and was last updated 9 years ago by reza.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
  • #1970

    Since March 2013 RC4 is officialy a broken cipher when used with TLS. See here: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

    Seeing that NoMachine is apparently still using OpenSSL TLS/SSL with RC4 (See here https://www.nomachine.com/AR10K00705 ) I have began to wonder how safe NoMachine is in reality?


    The 4.1 will ship with AES. About your concerns, I don’t think you should worry too much. As the article correctly mentions “the current attack is just on the edge of feasibility”. Amazon and Ebay, as of today, are still using it. You must also consider that the attack is based on millions of connection iterations from the same host. A similar scenario is theoretically possible in the case of a browser connecting to a Web server, but unlikely to happen in the case of a client connecting to a NoMachine host.



Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.