Specifically choosing an encryption algorithm that has been known to be insecure for a decade should be indicative of either extreme carelessness or deceptive and malicious intent.
Considering that use of the app store is forced, purportedly to keep users of iphones secure, one would imagine that they would care.
>Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
>CVE-2016-2183, CVE-2016-6329
>[...] short block size makes a block cipher vulnerable to birthday attacks, even if there are no cryptographic attacks against the block cipher itself. We observe that such attacks have now become practical for the common usage of 64-bit block ciphers
>We show that a network attacker who can monitor a long-lived Triple-DES HTTPS connection between a web browser and a website can recover secure HTTP cookies
13 comments
[ 3.4 ms ] story [ 43.3 ms ] threadConsidering that use of the app store is forced, purportedly to keep users of iphones secure, one would imagine that they would care.
Here's just a random example of it being removed back in 2016 https://cvsweb.openbsd.org/src/usr.bin/ssh/myproposal.h?rev=...
>CVE-2016-2183, CVE-2016-6329
>[...] short block size makes a block cipher vulnerable to birthday attacks, even if there are no cryptographic attacks against the block cipher itself. We observe that such attacks have now become practical for the common usage of 64-bit block ciphers
>We show that a network attacker who can monitor a long-lived Triple-DES HTTPS connection between a web browser and a website can recover secure HTTP cookies
https://sweet32.info/