Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Bar-Mitzvah Attack - Breaking SSL with 13-Year Old RC4 Weakness

Black Hat via YouTube

Overview

Explore the vulnerabilities of RC4 encryption in SSL/TLS sessions through this Black Hat conference talk. Delve into the "Bar-Mitzva Attack," which exploits a 13-year-old weakness in RC4 to partially recover plaintext from SSL-protected data. Learn how this attack differs from previous SSL vulnerabilities like BEAST, POODLE, and CRIME, as it can potentially steal permanent secret data such as account credentials. Discover the unique aspects of this attack, including its ability to work with passive eavesdropping and recover parts of secrets transmitted only once. Examine the RC4 algorithm, its initialization process, and inherent weaknesses like the Invariance Weakness and Weak Key Classes. Understand the attack's basic scenario, LSB leakage, and its applications for weak passwords and credit card numbers. Compare this method to BEAST-like attacks and gain insights into the broader implications for SSL security.

Syllabus

Intro
Why Bar Mitzvah?
TLS Objectives
TLS Security
RC4 Usage in TLS
Stream Ciphers
RC4 Algorithm
RC4 (In)Randomness
RC4 Initialization
The Invariance Weakness
Weak Key Classes
Plaintext Leakage
The Attack Basic Scenario
LSB Leakage
LSB for Weak Passwords
LSB for Credit Card Numbers
BEAST-like Attack
Summary
Conclusions

Taught by

Black Hat

Reviews

Start your review of Bar-Mitzvah Attack - Breaking SSL with 13-Year Old RC4 Weakness

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.