Another crypto-attack on SSL/TLS encryption
SSL/TLS is the foundation of secure internet connections, and RC4, designed by Ron Rivest in 1987, is one of the ciphers most often used inside it. Researchers have now come up with an attack against RC4 as used in TLS that can decrypt at least the beginning of a protected transmission. The attack is still mostly theoretical, but it clearly demonstrates that there are issues that need to be solved.
A huge number of servers use RC4, including Google's, Facebook's and Microsoft's web servers. The cipher has a number of advantages: it is very fast, which makes it cheap for servers to handle, and it is immune to the recent attacks on the CBC-mode cipher suites of SSL/TLS, BEAST and Lucky 13, so it has often been recommended as a workaround for them. At the same time, however, RC4 is old and has its fair share of known weaknesses.
The RC4 algorithm is what is known as a stream cipher: a pseudo-random generator produces a stream of bytes, the keystream, which is XORed with the plaintext to encrypt and with the ciphertext to decrypt. The key determines the generator's initial state, so the same key always produces the same keystream. If the keystream were truly random and never reused, this construction would be the one-time pad, the only provably unbreakable cipher. But, as the name says, pseudo-random bytes are merely almost random: at certain positions of the RC4 keystream some byte values are noticeably more or less likely than others. Nadhem AlFardan, Dan Bernstein, Kenny Paterson, Bertram Poettering and Jacob Schuldt have found a way to exploit these small deviations from a uniform distribution: when the same plaintext (a session cookie, say) is encrypted many times under fresh keys, the statistics of the resulting ciphertexts reveal it, and at least the first 220 bytes of a connection can be recovered.
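The following is an added example, not code from the article or from the researchers' paper. It implements RC4 from scratch and demonstrates the best-known single-byte keystream bias, at position 2, where the value 0 appears with probability roughly 2/256 instead of 1/256. It then runs the "broadcast" recovery described above: the same constructed plaintext is encrypted under many random keys, and the most frequent ciphertext byte at position 2 is taken to be the plaintext byte, because the keystream byte there is 0 more often than anything else. The real attack goes further and uses the measured distribution of every one of the first 256 keystream positions, whose biases are much weaker, which is why it needs far more sessions than the few tens of thousands used here. The session count, seed and sample plaintext are arbitrary choices for the demonstration.

```python
"""Added demonstration: RC4 keystream bias and broadcast plaintext recovery."""
import random
from collections import Counter


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Textbook RC4: key-scheduling (KSA) followed by keystream generation (PRGA)."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):                      # KSA: key-dependent permutation of 0..255
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                   # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encryption and decryption are the same operation: XOR with the keystream."""
    keystream = rc4_keystream(key, len(data))
    return bytes(p ^ k for p, k in zip(data, keystream))


def broadcast_attack(plaintext: bytes, n_sessions: int = 20000, seed: int = 1):
    """Encrypt one fixed plaintext under n_sessions fresh random 128-bit keys.

    Returns (bias_ratio, recovered_byte):
      bias_ratio     how often keystream byte 2 was 0, relative to the 1/256
                     a uniform generator would give (RC4 yields roughly 2.0)
      recovered_byte the most common ciphertext byte at position 2, which is
                     the plaintext byte because Z2 == 0 is the dominant event
    A seeded RNG stands in for the fresh session keys (assumption for the demo).
    """
    rng = random.Random(seed)
    z2_zero = 0
    c2_counts = Counter()
    for _ in range(n_sessions):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        keystream = rc4_keystream(key, len(plaintext))
        if keystream[1] == 0:
            z2_zero += 1
        c2_counts[plaintext[1] ^ keystream[1]] += 1      # ciphertext byte 2
    bias_ratio = z2_zero / (n_sessions / 256)
    recovered_byte = c2_counts.most_common(1)[0][0]
    return bias_ratio, recovered_byte


if __name__ == "__main__":
    sample = b"Cookie: id=7"                  # constructed plaintext for the demo
    bias, byte = broadcast_attack(sample)
    print(f"P(Z2 == 0) is {bias:.2f} times the uniform 1/256")
    print(f"recovered plaintext byte 2: {byte:#04x}, actual: {sample[1]:#04x}")
```

Only the second byte is recovered here, and only because its bias is large; a uniform keystream would make `bias_ratio` hover around 1.0 and the majority vote meaningless, which is exactly the one-time-pad guarantee that RC4 fails to provide.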
The attack cannot yet be carried out in practice, because it needs the same plaintext to be sent in a very large number of TLS sessions, but, as everyone knows, attacks only ever get better. These findings should be considered a warning shot, and those relying on RC4 should start looking for an alternative. One of the researchers' recommendations is CBC-mode cipher suites in implementations that have been patched against BEAST and Lucky 13; another option is TLS 1.2, which is not yet widely deployed but offers authenticated encryption modes such as AES-GCM that are affected by neither class of attack.