Flaw found in common encryption program

日期:2019-03-06 05:19:13 作者:高咙仗 阅读:

By Will Knight A weakness has been discovered in a common system used to protect computer communications from eavesdroppers. The problem was found with the implementation of RC4, a program developed in 1987 which is frequently used to encode electronic messages into apparently meaningless data. Researchers from the Weizmann Institute in Israel and US company Cisco discovered the weakness and used it to capture messages sent over wireless computer networks using WEP (Wired Equivalent Privacy), a set of rules designed to ensure security. The research does not mean that all software using RC4 is vulnerable, but it undermines the reputation of the algorithm. “It is highly significant,” says Ben Laurie, a UK computer engineer. “There is the general feeling that because RC4 is so fast, it sails close to the wind on security. There may be [other programs using RC4] that are affected.” The problem lies with the RC4’s Key Scheduling Algorithm, which is derived from a secret key, and is used to convert messages into code. The researchers found that, under certain circumstances, this process is predictable and discovered that with WEP they could reverse the process, discover the secret key and decipher all messages. The weakness means that a message sent over some wireless networks can be uncovered in a matter of hours using a desktop computer. “After scanning several hundred thousand packets, the attacker can compute the secret key and thus decrypt all the ciphertexts,” Shamir told New Scientist. Other experts say that the discovery is likely cause some wireless networks to be redesigned and may also encourage those designing software to use different cryptographic tools. The work will be presented at the Eighth Annual Workshop on Selected Areas in Cryptography in Toronto,