Break the RC4 encryption into WPA-TKIP and TLS protocols

Security researchers have developed an attack technique against the RC4 encryption algorithm known to be widely used to encrypt communications on the Internet..cryptography RC4

Despite the fact that the algorithm is "ancient" RC4 (Rivest Cipher 4) is still the most widely used encryption algorithm in many popular protocols. So your familiar protocols SSL (Secure Socket Layer), TLS (Transport Layer Security), WEP (Wired Equivalent Privacy), WPA (Wi-Fi Protected Access) Microsoft's RDP (Remote Desktop Protocol ), BitTorrent and many, many others still use an algorithm that has already been hacked.

The weaknesses of the algorithm that have been discovered over the years suggest the need for immediate replacement throughout the Internet.

Nevertheless, while it is already known, we find complete indifference from the immediate stakeholders. (Note: Then we blame the NSA and each of the governments that are watching us).

Note, for example, that approximately 50% of the total TLS traffic is protected by the RC4 encryption algorithm, according to THN.

Two Belgian security researchers have come to remind us of the seriousness of the vulnerabilities that exist in the algorithm we use for our communications. With a new much more practical attack against RC4, they managed to expose encrypted information to a lot period of time than was possible in the past.

An attack against RC4 that was announced on 2013 needed more than 2.000 hours to complete. However, the attack presented by the two researchers this year, which focused on the attacks to recover a password against the RC4 algorithm in the TLS protocol, took about 312-776 hours to complete.

The study (All Your Biases Belong To Us: Breaking RC4 in WPA-TKIP and TLS - PDF) of the two researchers (Mathy Vanhoef and Frank Piessens) from Leuven University in Belgium, presents an attack that allows the encryption of RC4 encrypted cookies in 75 hours with 94% accuracy.

The attack could be exploited by target-targeted attackers and an HTTPS-protected site, or wireless networks protected by the TKIP WPA-protected Protected Access Temporal Key Integrity Protocol.

In the case of TLS-protected HTTPS websites, researchers used a separate HTTP web site to code which causes the target server to send the encrypted authentication cookie repeatedly.

So they were able to decrypt a secure cookie with 94 percent accuracy using 9 × 227 cryptocurrencies.

The attack lasted about 75 hours, transmitting 4.450 Web requests per second, and in case of attacks against real devices, the time required may be reduced to 52 hours.

However, the attack against the WPA-TKIP protocol only takes one hour to complete.

Watch the video

iGuRu.gr The Best Technology Site in Greecefgns

every publication, directly to your inbox

Join the 2.100 registrants.

Written by giorgos

George still wonders what he's doing here ...

Leave a reply

Your email address is not published. Required fields are mentioned with *

Your message will not be published if:
1. Contains insulting, defamatory, racist, offensive or inappropriate comments.
2. Causes harm to minors.
3. It interferes with the privacy and individual and social rights of other users.
4. Advertises products or services or websites.
5. Contains personal information (address, phone, etc.).