In practice the attack can be executed within an hour.
對於 TLS 則是 75 個小時有 94% 成功率,實際測試時只用了 52 個小時就順利攻下來:
We also attack TLS as used by HTTPS, where we show how to decrypt a secure cookie with a success rate of 94% using 9·227 ciphertexts. This is done by injecting known data around the cookie, abusing this using Mantin's ABSAB bias, and brute-forcing the cookie by traversing the plain-text candidates. Using our traffic generation technique, we are able to execute the attack in merely 75 hours.
When we tested the attack against real devices, it took merely 52 hours to successfully perform the attack.
If you require RC4 ciphers you can re-enable them by selecting the 2014-10 SSL Security Policy or by manually configuring the SSL ciphers used by the load balancer.