From this site, we have occasionally mentioned how unreliable the algorithm used by RC4 (Rivest Cipher 4) for encryption. Apparently, researchers security they completely agree.
Belgian researchers preparing for the Usenix Security Symposium to be held in Washington in August estimate that they can decipher encrypted cookies with RC4 within 75 hoursPDF).
Mathy Vanhoef and Frank Piessens of the University of Leuven investigated websites using TLS with RC4, as well as Wi-Fi with WPA-TKIP encryption.
As they explain, the weakness of RC4 is based on the bias of the RC4 keystream. The bias was already known, and that's why major companies like Microsoft criticize encryption with Rivest Cipher 4. But what else did researchers Vanhoef and Piessens do?
For HTTPS sessions secured by TLS using encryption Rivest Cipher 4, the researchers estimate that they can “decrypt a secure cookie with a success rate of 94% using 9×227 cyphertexts”.
To break the security of TLS / HTTPS, Belgian researchers entered known data around the cookie, “we breached it using the ABSAB bias of Mantin, and by brute-forcing the cookie from a plain-text… we were able to execute an attack within 75 hours “.
"If we were to add one code JavaScript in the victim's browser, "we would be able to execute the attack ... within just 52 hours."
With WPA-TKIP things get worse. The investigators' attack can be "executed within an hour":
“Για να σπάσει το WPA-TKIP θα παρουσιάσουμε μια μέθοδο που παράγει ένα μεγάλο αριθμό πανομοιότυπων πακέτων. Αυτό το πακέτο αποκρυπτογραφείται με τη δημιουργία plaintext, και χρησιμοποιώντας τη περιττή δομή του πακέτου μπορείτε να αφαιρέσετε κακούς υποψηφίους. Από το αποκρυπτογραφημένο πακέτο αντλούμε το key TKIP MIC, which can be used to inject and decrypt packets “.
