RC4 broken – implications for NoMachine?

Forums / General Discussions / RC4 broken – implications for NoMachine?

  • This topic has 1 reply, 2 voices, and was last updated 9 years ago by reza.
Viewing 2 posts - 1 through 2 (of 2 total)
  • Author
    Posts
  • #1970
    vekt0r7
    Participant

    Since March 2013 RC4 is officialy a broken cipher when used with TLS. See here: http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html

    Seeing that NoMachine is apparently still using OpenSSL TLS/SSL with RC4 (See here https://www.nomachine.com/AR10K00705 ) I have began to wonder how safe NoMachine is in reality?

    #2015
    reza
    Participant

    The 4.1 will ship with AES. About your concerns, I don’t think you should worry too much. As the article correctly mentions “the current attack is just on the edge of feasibility”. Amazon and Ebay, as of today, are still using it. You must also consider that the attack is based on millions of connection iterations from the same host. A similar scenario is theoretically possible in the case of a browser connecting to a Web server, but unlikely to happen in the case of a client connecting to a NoMachine host.

    https://www.nomachine.com/FR11K02792

     

Viewing 2 posts - 1 through 2 (of 2 total)

This topic was marked as solved, you can't post.