Jump to content
Main menu
Main menu
move to sidebar
hide
Navigation
Main page
Recent changes
Random page
Help about MediaWiki
Special pages
Niidae Wiki
Search
Search
Appearance
Create account
Log in
Personal tools
Create account
Log in
Pages for logged out editors
learn more
Contributions
Talk
Editing
RC4
(section)
Page
Discussion
English
Read
Edit
View history
Tools
Tools
move to sidebar
hide
Actions
Read
Edit
View history
General
What links here
Related changes
Page information
Appearance
move to sidebar
hide
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Royal Holloway attack=== In 2013, a group of security researchers at the Information Security Group at Royal Holloway, University of London reported an attack that can become effective using only 2<sup>34</sup> encrypted messages.<ref>{{cite news |url=https://www.theregister.co.uk/2013/03/15/tls_broken/ |title=HTTPS cookie crypto CRUMBLES AGAIN in hands of stats boffins |author=John Leyden |website=The Register |date=15 March 2013}}</ref><ref>{{cite web |url=http://www.isg.rhul.ac.uk/tls/RC4biases.pdf |title=On the Security of RC4 in TLS and WPA |last=AlFardan |publisher=Information Security Group, Royal Holloway, University of London |date=8 July 2013 |display-authors=etal |access-date=6 September 2013 |archive-date=22 September 2013 |archive-url=https://web.archive.org/web/20130922170155/http://www.isg.rhul.ac.uk/tls/RC4biases.pdf |url-status=dead }}</ref><ref>{{cite web |title=On the Security of RC4 in TLS and WPA |url=http://www.isg.rhul.ac.uk/tls/ |publisher=Information Security Group, Royal Holloway, University of London |access-date=2013-09-06}}</ref> While yet not a practical attack for most purposes, this result is sufficiently close to one that it has led to speculation that it is plausible that some state cryptologic agencies may already have better attacks that render RC4 insecure.<ref name=Leyden20130906>{{cite web |url=https://www.theregister.co.uk/2013/09/06/nsa_cryptobreaking_bullrun_analysis/ |title=That earth-shattering NSA crypto-cracking: Have spooks smashed RC4? |author=John Leyden |date=6 September 2013 |website=The Register}}</ref> Given that, {{asof|2013|lc=yes}}, a large amount of [[Transport Layer Security|TLS]] traffic uses RC4 to avoid attacks on block ciphers that use [[cipher block chaining]], if these hypothetical better attacks exist, then this would make the TLS-with-RC4 combination insecure against such attackers in a large number of practical scenarios.<ref name=Leyden20130906/> In March 2015, researcher to Royal Holloway announced improvements to their attack, providing a 2<sup>26</sup> attack against passwords encrypted with RC4, as used in TLS.<ref>{{Cite web |title=RC4 must die |url=http://www.isg.rhul.ac.uk/tls/RC4mustdie.html}}</ref>
Summary:
Please note that all contributions to Niidae Wiki may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Encyclopedia:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)
Search
Search
Editing
RC4
(section)
Add topic
