cryptogon.com

news – analysis – conspiracies

• Home
• About
• Archives
• Contact
• Support Cryptogon
• Story Suggestions

Android Uses Crap SSL Cipher by Default

October 15th, 2013

Via: op-co.de:

Android is using the combination of horribly broken RC4 and MD5 as the first default cipher on all SSL connections.

…

The cipher order on the vast majority of Android devices was defined by Sun in 2002 and taken over into the Android project in 2010 as an attempt to improve compatibility. RC4 is considered problematic since 2001 (remember WEP?), MD5 was broken in 2009.

The change from the strong OpenSSL cipher list to a hardcoded one starting with weak ciphers is either a sign of horrible ignorance, security incompetence or a clever disguise for an NSA-influenced manipulation – you decide!

Sign in | Register

The New Zealand Copyright Act 1994 specifies certain circumstances where all or a substantial part of a copyright work may be used without the copyright owner's permission. A "fair dealing" with copyright material does not infringe copyright if it is for the following purposes: research or private study; criticism or review; or reporting current events. If you are a legal copyright holder, or a designated agent for such, and you believe a post on this website falls outside the boundaries of "fair dealing," and legitimately infringes on your or your client's copyright, please contact Kevin Flaherty. Cryptogon contains both original material and material from external sources. Original material: Copyright Kevin Flaherty. Material from external sources: Copyright the respective owners / authors.

Design by Andreas Viklund | Ported by Matteo Turchetto