Researchers show they can recover sensitive cookies from RC4-encrypted TLS connections in 75 hours
There’s an old saying in the security community: Attacks always get better. The latest case where that holds true is for the aging RC4 cipher that’s still widely used to encrypt communications on the Internet.
Researchers Mathy Vanhoef and Frank Piessens from the University of Leuven in Belgium devised a new attack method that can recover authentication cookies and other sensitive information from Web connections encrypted with RC4.
The RC4 (Rivest Cipher 4) algorithm was designed in 1987 by renowned cryptographer Ron Rivest and remained a trade secret until 1994, when it was leaked on the Internet. Since then it has been implemented in a number of popular protocols, including SSL (Secure Socket Layer) and its successor, TLS (Transport Layer Security); the WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) wireless security standards; Microsoft’s RDP…
View original post 812 more words