Knowledge Base

Cipher Suite

F

TLS_­RSA_­EXPORT1024_­WITH_­RC4_­56_­MD5

Summary

Name:
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
IANA Name:
TLS_RSA_EXPORT1024_WITH_RC4_56_MD5
Code:
(0x00, 0x60)
OpenSSL Name:
EXP1024-RC4-MD5
Protocol Versions:
SSL 3.0,TLS 1.0,TLS 1.1,TLS 1.2

Check your host!

Type a URL to analyze a service

Get a prompt and clear overview of your security configuration. Right now!

Components

C
Key Exchange Method
Name

RSA (Rivest-Shamir-Adleman)

Security

RSA[443][444] key exchange is a key exchange[133] that has no forward secrecy[127][128][129][130], and does not protect past sessions against future compromises. If long-term secret keys or passwords are compromised, encrypted communications and sessions recorded in the past can be retrieved and decrypted. Throughout its history RSA encryption has had many security flaws[445][446][447][448][449][450] and was affected by variety of attack types: chosen-ciphertext attack[55] (eg: Bleichenbacher's attack[1][2], ROBOT attack[18][19][20][21]), side-channel attack[69][70][71] (eg: padding oracle attack[63][64][65][66], like Bleichenbacher's cat[3][4][5][6]).

Recommendations

Always prefer cipher suites with PFS property over the non-PFS ones. Note that performance considerations implies preferring Ephemeral Elliptic-curve Diffie–Hellman[432][433] over Ephemeral Diffie-Hellman[405][406][407][408].

A+
Authentication Method
Name

RSA

Security

Rivest–Shamir–Adleman[275][276][277] is a digital signature[107][108][109][110] algorithm, which is considered secure, however there are known weaknesses[278][279][280][281][282].

F
Encryption Type
Name

RC4-56

Security

Encryption algorithm Rivest Cipher 4[370][371][372][373] is a stream cipher[182][183] that is more malleable[134] than a block cipher[78][79][80][81]. It has multiple vulnerabilities[375][376][377][378][379] (eg: related-key attack[68], distinguishing attack[60], ...), so attacker can apply statistical analysis against it to recover the encrypted text.

Recommendations

Remove the cipher suite from the list of cipher suites supported by your server.

D
Encryption Key Size
Name

56

Security

Any symmetric key[185][186][187] with key size[184] less than 128 bits are disallowed by National Institute of Standards and Technology[470][471] as it is vulnerable to preimage attack[67] in theory. It cannot reliably prove that message came from the stated sender (its authenticity) and has not been changed, so connection is open for a man-in-the-middle attack[61].

Recommendations

Remove the cipher suite from the list of cipher suites supported by your server.

B
Message Authentication Code
Name

MD5

Security

message authentication code[135][136][137][138] is a hashed message authentication code[139][140][141][142][143][144][145] which is considered secure[456][457], despite the fact that the underlaying cryptographic hash function[94][95][96][97] (MD5[197][198][199]) is considered insecure[200][201] as it vulnerable to collision attack[57] in practice and to preimage attack[67] in theory.

Recommendations

Leading client applications do not use this type of message authentication code[135][136][137][138]. Unless your application or requirements specifically call for their use, it is generally safer to avoid cipher suites that are not adopted and supported by a critical mass of the industry. If your application or requirements specifically call for the use of a message authentication code[135][136][137][138] that does not provide authenticated encryption[74] prefer block cipher mode of operation[82][83][84][85][86] (eg: counter with CBC-MAC[32][33][34], Galois/Counter Mode[46][47][48][49] or message authentication code[135][136][137][138] (eg: Poly1305[458][459]) that proved authenticated encryption over the ones which does not provide it. In case of a hashed message authentication code[139][140][141][142][143][144][145] prefer message authentication code[135][136][137][138] based on Secure Hash Algorithm 2[212][213][214] over the ones based on MD5[197][198][199].