Vigil@nce - SSL/TLS: obtaining messages encrypted by RC4
March 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
When an attacker has 2^30 RC4-encrypted messages, each encrypted
with a different key, he can guess the clear text message.
– Impacted products: SSL/TLS
– Severity: 1/4
– Creation date: 15/03/2013
DESCRIPTION OF THE VULNERABILITY
An SSL/TLS session can negotiate different encryption algorithms.
The RC4 algorithm uses a continuous stream of bytes generated from
the key. This stream is then combined (XOR) with the clear text
message.
However, the generated stream is biased. A statistical analysis of
millions of encrypted messages shows this bias.
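
The bias can be observed directly. The following Python sketch is an added example, not part of the Vigil@nce bulletin: it implements RC4 and counts, over random 128-bit keys, how often each of the first keystream bytes is 0x00. It relies on one publicly documented bias (Mantin and Shamir: the second keystream byte is zero about twice as often as a uniform byte would be), which the bulletin itself does not name; the key size, sample count and function names are assumptions.

```python
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for key."""
    # KSA: permute the state S under control of the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # PRGA: emit one keystream byte per step.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """XOR the plaintext with the keystream (decryption is the same operation)."""
    stream = rc4_keystream(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))

def zero_ratio_by_position(n_keys: int, positions: int = 4, seed: int = 1) -> list:
    """For each of the first `positions` keystream bytes, return how often it
    equals 0x00 across n_keys random keys, relative to the uniform rate 1/256."""
    rng = random.Random(seed)  # constructed, reproducible sample keys
    zeros = [0] * positions
    for _ in range(n_keys):
        key = rng.getrandbits(128).to_bytes(16, "big")
        for pos, byte in enumerate(rc4_keystream(key, positions)):
            zeros[pos] += byte == 0
    return [count * 256 / n_keys for count in zeros]

if __name__ == "__main__":
    # A ratio near 1.0 means "looks uniform"; byte 2 stands out at about 2.0.
    for pos, ratio in enumerate(zero_ratio_by_position(30000), start=1):
        print(f"keystream byte {pos}: 0x00 seen {ratio:.2f}x the uniform rate")
```
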
When an attacker has 2^30 (minimum 2^24) RC4 encrypted messages
with different keys, he can therefore guess the clear text
message. This vulnerability is hard to exploit because of the
quantity of messages required to perform the attack.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SSL-TLS-obtaining-messages-encrypted-by-RC4-12530