Microsoft, Google, Mozilla Abandon RC4 Cryptographic Standard

Microsoft, Google, Mozilla Abandon RC4 Cryptographic Standard

With Microsoft, Google, and Mozilla turning against the RC4 cryptographic suite, the standard will likely die in 2016.


Something unusual happened in the browser arena on Sept. 1. Microsoft, Google, and Mozilla all simultaneously announced that their browsers will not support the RC4 cryptographic suite as of early 2016.
RC4 is a stream cipher that was first described in 1987. It has been widely used across Web browsers and online services for various purposes, mostly to enable "secure" connections under the TLS protocol.
However, recent attacks have shown that RC4 can be broken within hours or days. Typical attacks on RC4 exploit biases -- externally observable patterns -- in the RC4 keystream to recover repeatedly encrypted plaintexts. Cryptographers would call this a lack of "entropy" in the cypher.
These kinds of attacks on the cypher led the Internet Engineering Task Forceto ban the use of RC4 in TLS negotiations as of February.
Microsoft's announcement stated the problem this way: "Microsoft Edge and Internet Explorer 11 only utilize RC4 during a fallback from TLS 1.2 or 1.1 to TLS 1.0. A fallback to TLS 1.0 with RC4 is most often the result of an innocent error, but this is indistinguishable from a man-in-the-middle attack."
Google was more direct about the problem. The search giant noted: "We plan to disable support for RC4 in a future Chrome release. That release is likely to reach the stable channel around January or February 2016. At that time, HTTPS servers that only support RC4 will stop working."
That time frame is the same that all three announced in their statements.
Google added: "Measurements show that only 0.13% of HTTPS connections made by Chrome users (who have opted into statistics collection) currently use RC4."
Google went on to describe RC4 usage in Chrome. "Current versions of Chrome don't advertise support for RC4 on an HTTPS connection unless the first connection attempt fails, so servers that already support a non-RC4 cipher suite will not see any change," according to Google.
So, Google thinks this is not really a large problem that they face here.
Mozilla, on the other hand, concedes that this action may cause some problems.
"There is a small but measurable population of servers out there that require RC4," according to Mozilla. "Scans by Mozilla QA team find that with current Aurora (whitelist enabled), around 0.41% of their test set require RC4, 820 sites out of 211k. Disabling the whitelist only results in a further 26 sites broken, totaling 0.4% of sites."
In any case, support for RC4 is going away in early 2016 for all of these browsers.
Server operators that have questions about what ciphers their TLS implementations contain can use the SSL Lab's tool to check out their particular installation.

Comments