At 03:22 PM 8/26/2004, Hallam-Baker, Phillip wrote:
RC4 has related key weaknesses that make it a poor choice of
cipher. Shamir's attack was a cryptanalytic one.
The attack was against the way it was used in WEP. The disclosure of the
first three octets of the key is always a bad idea, but WEP does just
that. In the case of RC4, this disclosure is particularly bad. However,
this does not mean that all uses of RC4 will suffer. For example, TLS does
not disclose any portion of the RC4 key, and I am unaware of any
cryptanalytic results in this context.