Bar Mitzvah Attack

The bar mitzvah attack is an attack on the SSL/TLS protocols that exploits the use of the RC4 cipher with weak keys for that cipher. While this affects only the first hundred or so bytes of only the very small fraction of connections that happen to use weak keys, it allows significant compromise of user security, for example by allowing the interception of password information which could then be used for long-term exploitation. The attack uses a vulnerability in RC4 described as the "invariance weakness" by Fluhrer et al. in their 2001 paper on RC4 weaknesses, also known as the FMS attack (Fluhrer, S., Mantin, I., and A. Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4", Selected Areas of Cryptography: SAC 2001, Lecture Notes in Computer Science Vol. 2259, pp. 1–24, 2001).
The attack is named after the bar mitzvah ceremony, which is held at 13 years of age, because the vulnerability exploited is 13 years old; the name was likely inspired by the naming of the unrelated birthday attack.


See also

* Fluhrer, Mantin and Shamir attack

