The newest RC4 attack is a nightmare for certain HTTPS implementations, almost a third of the world’s encrypted Web connections can be cracked.
We have written several times about RC4 encryption that has been accused of being a Cryptographic disaster, now two Belgian security researchers from the University of Leuven did another discovery that highlights additional holes in the already criticized RC4.
The researchers wrote a paper that shows new attacks against RC4, which let the experts to capture cookies from his victim and decrypt the cookie in a short time, comparing with previous attacks, where it was taken more time.
The two researchers Mathy Vanhoef and Frank Piessens explained in their paper that what contributes to the significant reduction of decryption time is the discovery of new biases (linear combination of the key bytes) allowing attackers to break encryption in sites running TLS with RC4, or Wi-Fi Protected Access…
View original post 370 more words