An attack against RC4 was demonstrated in 2015. This attack affects the use of RC4 in several protocols, including within Transport Layer Security (TLS) used by web browsers and web applications but also within WPA-TKIP used by wireless networks. This weakness in RC4 when applied to TLS can allow an attacker to decrypt a small amount of repeated content, such as a session token or other sensitive cookie values.
As this attack utilises two statistical biases in the RC4 algorithm (Fluhrer-McGrew biases and ABSAB biases) the only effective way to fully mitigate this vulnerability is to disable the use of RC4.
It is recommended that:
- All RC4 cipher suites are disabled
References
Previous
Factoring RSA Export Keys (FREAK)
Factoring RSA Export Keys (FREAK) is an attack against “export ciphers suites” which are cipher suites that have intentionally limited security due to prior regulation within the United States. This regulation placed restrictions on the strength of encryption algorithms used in software for exportation. This attack was demonstrated in 2015 [...]| Play | Cover | Release Label |
Track Title Track Authors |
|---|