1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Encrypted Web and Wi-Fi at risk as RC4 attacks become more practical

Discussion in 'Network World' started by RSS, Jul 16, 2015.

  1. RSS

    RSS New Member Member

    There’s an old saying in the security community: Attacks always get better. The latest case where that holds true is for the aging RC4 cipher that’s still widely used to encrypt communications on the Internet.

    Researchers Mathy Vanhoef and Frank Piessens from the University of Leuven in Belgium devised a new attack method that can recover authentication cookies and other sensitive information from Web connections encrypted with RC4.

    The RC4 (Rivest Cipher 4) algorithm was designed in 1987 by renowned cryptographer Ron Rivest and remained a trade secret until 1994, when it was leaked on the Internet. Since then it has been implemented in a number of popular protocols, including SSL (Secure Socket Layer) and its successor, TLS (Transport Layer Security); the WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) wireless security standards; Microsoft’s RDP (Remote Desktop Protocol) and MPPE (Microsoft Point-to-Point Encryption), BitTorrent and others.

    To read this article in full or to leave a comment, please click here

    Continue reading...
     

Share This Page