Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://freesoftwareextremist.com/objects/b7de7eb8-d6e6-4eea-bb86-2a567a575f26">翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 21-Oct-2024 20:37:39 JST</a><a href="https://freesoftwareextremist.com/users/Suiseiseki" title="suiseiseki@freesoftwareextremist.com"><img src="https://gnusocial.jp/avatar/789-48-20220724040913.webp" width="48" height="48" alt="翠星石" style="position: absolute; left: 0; top: 0;">翠星石</a><div><a href="https://shitposter.world/objects/057e60b6-67b6-417f-a88d-3df4fe7fcf6e" rel="in-reply-to">in reply to</a><ul><li><li><a href="https://gnusocial.jp/user/252758" title="mangeurdenuage@shitposter.world">mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius:</a></li></ul></div></section><article><a href="https://shitposter.world/users/mangeurdenuage">@mangeurdenuage</a> <a href="https://whinge.town/users/iwillbite">@iwillbite</a> Unfortunately, the "encryption" does not prevent ISPs or other middle men from snooping on your downloads - as it uses the weak RC4 cipher and it seems that not all clients discard the beginning of the output keystream; <a href="https://en.wikipedia.org/wiki/RC4?useskin=monobook">https://en.wikipedia.org/wiki/RC4?useskin=monobook</a><br><br>What "encryption" does is avoid traffic shaping, as with it on, shaping bittorrent traffic requires statistical analysis and guessing if packets are bittorrent, while with it off, simple Deep Packet Inspection (DPI) can determine if a packet is bittorrent traffic.</article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3855360#notice-7545097">In conversation</a><time datetime="2024-10-21T20:37:39+09:00" title="Monday, 21-Oct-2024 20:37:39 JST">about 7 months ago</time> <span>from <span><a href="https://gnusocial.jp/notice/7545097" rel="external" title="Sent from gnusocial.jp via ActivityPub">gnusocial.jp</a></span></span><a href="https://gnusocial.jp/notice/7545097">permalink</a><h4>Attachments</h4><ol><li><article><header><div>No result found on File_thumbnail lookup.</div><h5><a href="https://en.wikipedia.org/wiki/RC4?useskin=monobook">RC4</a></h5><div></div></header><div>In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.
As of 2015, there is speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol. IETF has published RFC 7465 to prohibit the use of RC4 in TLS; Mozilla and Microsoft have issued similar recommendations.
A number of attempts have been made to strengthen RC4, notably Spritz, RC4A, VMPC, and RC4+.History
RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code" (see also RC2, RC5 and RC6).
RC4 was initially a trade secret...</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Monday, 21-Oct-2024 20:37:39 JST翠星石
in reply to
- Ennui
- mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius:
@mangeurdenuage @iwillbite Unfortunately, the "encryption" does not prevent ISPs or other middle men from snooping on your downloads - as it uses the weak RC4 cipher and it seems that not all clients discard the beginning of the output keystream; https://en.wikipedia.org/wiki/RC4?useskin=monobook

What "encryption" does is avoid traffic shaping, as with it on, shaping bittorrent traffic requires statistical analysis and guessing if packets are bittorrent, while with it off, simple Deep Packet Inspection (DPI) can determine if a packet is bittorrent traffic.
In conversationabout 7 months ago from gnusocial.jppermalink
Attachments
1. No result found on File_thumbnail lookup.
  RC4
  In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP. As of 2015, there is speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol. IETF has published RFC 7465 to prohibit the use of RC4 in TLS; Mozilla and Microsoft have issued similar recommendations. A number of attempts have been made to strengthen RC4, notably Spritz, RC4A, VMPC, and RC4+. History RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code" (see also RC2, RC5 and RC6). RC4 was initially a trade secret...

Public

Embed Notice

HTML Code

Corresponding Notice