Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cryptographers Break Commonly Used RC4 Cipher For Web Encryption

Sparrowvsrevolution (1926150) writes | about a year and a half ago

Privacy 0

Sparrowvsrevolution (1926150) writes "At the Fast Software Encryption conference in Singapore earlier this week, University of Illinois at Chicago Professor Dan Bernstein presented a method for breaking TLS and SSL web encryption when it's combined with the popular stream cipher RC4 invented by Ron Rivest in 1987. Bernstein demonstrated that when the same message is encrypted enough times--about a billion--comparing the ciphertext can allow the message to be deciphered. While that sounds impractical, Bernstein argued it can be achieved with a compromised website, a malicious ad or a hijacked router.

It's long been suspected that RC4 had weakness based on biases in how it generates random numbers. But sites have nonetheless been moving back to the scheme in response to news of vulnerabilities in AES and Triple DES exploited by recent cryptographic attacks like BEAST and Lucky 13, both of which showed flaws in SSL and TLS in combination with block ciphers. With the news of RC4's insecurity it now seems that it's likely safer to stick with those more modern ciphers and depend on browser vendors to patch the flaws used by those other attacks."

Link to Original Source

cancel ×

0 comments

Sorry! There are no comments related to the filter you selected.

Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?