RC4 NOMORE - Decrypting Cookies In Just 52 Hours
<p>
Researchers Mathy Vanhoef and Frank Piessens, from the University of Leuven, have shown that they can exploit weaknesses in the RC4 algorithm in order to decrypt web cookies used to store end-user content when communicating with HTTPS-enabled websites.</p>
<p>
<a href="https://en.wikipedia.org/wiki/RC4">RC4</a> is one of several algorithms used to encrypt content for use with TLS. RC4 was designed almost 30 years ago and has since been shown to be vulnerable to attack.</p>
<p>
<em>[UPDATED 17 July 2015]</em></p>
<p>
According to the International Computer Science Institute at Berkeley University of California around <a href="http://notary.icsi.berkeley.edu/">12.8% of cipher-suites</a> observed in the last 30 days still use the RC4 encryption algorithm. Our own research has indicated that 44 of the top 100 Alexa sites support at least one RC4 cipher suite at this time.</p>
<p>
We strongly encourage webmasters to re-consider their use of RC4. Any website can be quickly checked with online tools such as Qualys SSL Labs' SSL Server Test tool. The aim is to not see RC4 listed in the "Cipher Suites" section as this analysis on our websense.com site shows: <a href="https://www.ssllabs.com/ssltest/analyze.html?d=websense.com&s=204.15...
<p>
<img alt="" src="/sites/default/files/blog/legacy/8688.websense_ssl_server_test.png-550x0.png" style="height:215px; width:549px" /></p>
<h3>
Implications</h3>
<p>
The recently discovered attack, dubbed RC4 NOMORE (<strong>N</strong>umerous <strong>O</strong>ccurrence <strong>MO</strong>nitoring & <strong>R</strong>ecovery <strong>E</strong>xploit), will be presented at the upcoming USENIX Security Symposium scheduled for mid-August in Washington, D.C.</p>
<p>
Previous attacks against RC4 took in the region of 2000 hours to complete, but the method used by Vanhoef and Piessens has proven to be successful in as little as 52 hours in real-world applications. The implications are that an attacker with Man-In-The-Middle (MITM) capabilities could <em>trigger</em> a user to access code that generates the required data for the process to successfully determine the required cookie data. Within a short time the attacker could then log on to a website on behalf of the target, using the generated cookie data.</p>
<h3>
<strong>Recommendations</strong></h3>
<p>
RC4 should be considered unreliable as a method to achieve secure data encryption. Given the time frame in which an attacker could successfully decrypt a web cookie, consideration should be given to moving away from use of RC4.</p>
<h3>
Reference Material</h3>
<p>
The RC4 NOMORE attack is summarized on a newly-registered, dedicated website: <a href="http://www.rc4nomore.com/">http://www.rc4nomore.com/</a></p>
<p>
The full paper describing the attack is available here: <a href="http://www.rc4nomore.com/vanhoef-usenix2015.pdf">http://www.rc4nomore.co...
<p>
Details on the 24th USENIX Security Symposium are available here:<a href="https://www.usenix.org/conference/usenixsecurity15/technical-sessions/pr...
<p>
We will continue to monitor for developments related to weaknesses in RC4 and other encryption algorithms.</p>
