Android is using the combination of broken RC4 and MD5 as the first default cipher on all SSL connections. This impacts all apps that did not change the list of enabled ciphers (i.e. almost all existing apps). This paper investigates why RC4-MD5 is the default cipher, and why it replaced better ciphers which were in use prior to the Android 2.3 release in December 2010.
Пожалуйста, войдите в систему, чтобы принять участие в дискуссии (добавить собственные рецензию, или комментарий)
Цитировать эту публикацию
%0 Journal Article
%1 mjs:Lukas:AndroidSSL
%A Lukas, Georg
%D 2013
%K AES Android MD5 SSL cipher cryptography mjsarticle
%N 2
%P 385-393
%T Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010
%U http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS-025_Lukas_AndroidSSL.pdf
%V 6
%X Android is using the combination of broken RC4 and MD5 as the first default cipher on all SSL connections. This impacts all apps that did not change the list of enabled ciphers (i.e. almost all existing apps). This paper investigates why RC4-MD5 is the default cipher, and why it replaced better ciphers which were in use prior to the Android 2.3 release in December 2010.
@article{mjs:Lukas:AndroidSSL,
abstract = {Android is using the combination of broken RC4 and MD5 as the first default cipher on all SSL connections. This impacts all apps that did not change the list of enabled ciphers (i.e. almost all existing apps). This paper investigates why RC4-MD5 is the default cipher, and why it replaced better ciphers which were in use prior to the Android 2.3 release in December 2010.},
added-at = {2021-09-19T18:42:17.000+0200},
author = {Lukas, Georg},
biburl = {https://www.bibsonomy.org/bibtex/21e068ba5d69731d8eae5617872d09da8/steschum},
interhash = {7689328fad39a990cf048d7c6a722ef6},
intrahash = {1e068ba5d69731d8eae5617872d09da8},
issn = {2192-4260},
journaltitle = {Magdeburger Journal zur Sicherheitsforschung},
keywords = {AES Android MD5 SSL cipher cryptography mjsarticle},
number = 2,
pages = {385-393},
timestamp = {2021-10-22T17:15:30.000+0200},
title = {Why Android SSL was downgraded from AES256-SHA to RC4-MD5 in late 2010},
url = {http://www.sicherheitsforschung-magdeburg.de/uploads/journal/MJS-025_Lukas_AndroidSSL.pdf},
urldate = {2013-12-01},
volume = 6,
year = 2013
}