The way to Crack RC4 Encryption in WPA-TKIP and TLS

Jun 29, 2016 · 2 min read
Image for post
Image for post
Image for post
Image for post
Image for post
Image for post

Security scientific study has developed a more practical and feasible attack technique resistant to the RC4 cryptographic algorithm that may be still widespread to encrypt communications on the net.

HTTPS protocol sucks

Despite being early, RC4 (Rivest Cipher 4) is still the most favored cryptographic cipher implemented in lots of popular protocols, including:

SSL (Secure Socket Layer)
TLS (Transport Layer Security)
WEP (Wired Equivalent Privacy)
WPA (Wi-Fi Protected Access)
Microsoft�s RDP (Remote Desktop Protocol)
and many more

However, weaknesses inside algorithm have been located in the past, indicating how the RC4 should be wiped from the web. But, yet about 50% of most TLS users are currently protected utilizing the RC4 encryption algorithm.

Now, the matter got worse, when two Belgian security researchers demonstrated a much more practical attack against RC4, allowing an attacker to subsequently expose encrypted information in a much shorter length of time than once was possible.

Attack on RC4 with 94% Accuracy

HTTPS protocol sucks

An episode on RC4 demonstrated in 2013 required in excess of 2,000 hours to complete. However, a more successful attack was presented this coming year in March, which focused on password recovery attacks against RC4 in TLS and required about 312 to 776 hours to complete.

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store