Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
ritter.vg
Crypto Cheatsheet
Description: The RC4 NOMORE Attack: Numerous Occurrence MOnitoring and Recovery Exploit
https (244) tls (122) rc4 (9) nomore (4) usenix (1) mathy vanhoef (1)
By Mathy Vanhoef and Frank Piessens , iMinds-DistriNet, KU Leuven, 2015
When you visit a website, and the browser's address bar contains a lock icon , the HTTPS protocol is used to protect your communication with this website (providing security and privacy). HTTPS supports several encryption techniques, one of them being the famous RC4 algorithm. At one point RC4 was used 50% of the time, with the estime around Februari 2015 being 30%. Our RC4 NOMORE attack exposes weaknesses in this RC4 encryption algorithm. More precisely, in most situations where RC4 is used, these weakness
In particular we show that an attacker can decrypt web cookies , which are normally protected by the HTTPS protocol. Websites use these cookies to identify users and authorize actions they perform. By obtaining the cookie of a victim, an attacker can log into a website as if he were the victim. This means the attacker can perform actions under the victim's name (e.g. post status updates and send messages), gain access to personal information (e.g. to emails and chat history), and so on.
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
ritter.vg
Crypto Cheatsheet