Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cryptographers Break Commonly Used RC4 Cipher

Posted by timothy on from the do-it-one-nanotimes dept.

Sparrowvsrevolution writes "At the Fast Software Encryption conference in Singapore earlier this week, University of Illinois at Chicago Professor Dan Bernstein presented a method for breaking TLS and SSL web encryption when it's combined with the popular stream cipher RC4 invented by Ron Rivest in 1987. Bernstein demonstrated that when the same message is encrypted enough times--about a billion--comparing the ciphertext can allow the message to be deciphered. While that sounds impractical, Bernstein argued it can be achieved with a compromised website, a malicious ad or a hijacked router." RC4 may be long in the tooth, but it remains very widely used.

4 of 90 comments (clear)

  1. Arcfour by Hatta · · Score: 5, Informative

    This is the cipher known as 'arcfour' in SSH. I use it regularly when speed is more important than security, which is frequently. I'm not sending a billion of the same files anywhere, so I will continue to use it.

    --
    Give me Classic Slashdot or give me death!
    1. Re:Arcfour by slew · · Score: 3, Informative

      As I understand it, ARC4 originally stood for 'Alleged' RC-4 since it was reverse engineered from RSA's proprietary RC4 implementation. The name RC4 is trademarked by RSA and they refuse to confirm that ARC4 was 100% compatible with their trademarked RC4, so for these two reason, the name ARC4 stuck.

      Of course nobody today disputes that there is any actual difference between the public ARC4 and RSA's RC4...

  2. rfc4345 by cachimaster · · Score: 4, Informative

    If I understood the article, the reported RC4 weakness is known since so long ago there is a RFC about it (rfc4345) that TLS implementation just ignores. SSH also uses RC4 in a non-vulnerable way, and that's why it's not broken, and it's perfectly possible to have a secure RC4 algorithm by simply discarding the first N bytes, where N>1000.

  3. Re:Oh, come on ... heh. by bill_mcgonigle · · Score: 5, Informative

    Anyone know what Cipher Suite configuration is the "safest" now? :)

    You're screwed. You have the PCI people who are freaked out over CBC ciphers because of BEAST, you have lots of LTS distros not offering TLS 1.2, and you have people under FIPS who are your customers, so you wind up having to offer RC4 as a cipher to meet all of the above requirements. And even if you assume FIPS-managed clients will be controlling their ciphers to meet their internal requirements, you have to explain this to the PCI scanner vendor every. single. time.

    If the LTS vendors could backport TLS 1.2, that would solve many headaches.

    --
    My God, it's Full of Source!
    OUTSIDE_IP=$(dig +short my.ip @outsideip.net)