On this website, we have reported from time to time how unreliable the algorithm is uses the RC4 (Rivest Cipher 4) for encryption. As it turns out, security researchers agree totally.
Belgian researchers preparing for the Usenix Security Symposium to be held in Washington in August estimate that they can decipher encrypted cookies with RC4 within 75 hoursPDF).
Mathy Vanhoef and Frank Piessens of the University of Leuven investigated websites using TLS with RC4, as well as Wi-Fi with WPA-TKIP encryption.
As they explain, the weakness of RC4 is based on the bias of the RC4 keystream. The bias was already known, and that's why major companies like Microsoft criticize encryption with Rivest Cipher 4. But what else did researchers Vanhoef and Piessens do?
For HTTPS sessions secured by TLS using encryption Rivest Cipher 4, the researchers estimate that they can “decrypt a secure cookie with a success rate of 94% using 9×227 cyphertexts”.
To break the security of TLS / HTTPS, Belgian researchers entered known data around the cookie, “we breached it using the ABSAB bias of Mantin, and by brute-forcing the cookie from a plain-text… we were able to execute an attack within 75 hours “.
"If we added a JavaScript code to the victim's browser, 'we would be able to launch the επί attack in just 52 hours.'
With WPA-TKIP things get worse. The investigators' attack can be "executed within an hour":
"To break the WPA-TKIP we will present a method that produces a large number of identical packets. This packet is decrypted by generating plaintext, and using the redundant packet structure you can remove bad candidates. From the decrypted packet we derive the key TKIP MIC, which can be used to inject and decrypt packets “.
