[free-sklyarov] uh-oh, here are more candidates to be put in jail

Alexander Moskalyuk prostoalex at hotbox.ru
Fri Aug 3 20:57:28 PDT 2001 

So when is FBI knocking on their door?

http://www.newscientist.com/news/news.jsp?id=ns99991114

Flaw found in common encryption program 
  
A weakness has been discovered in a common system used 
to protect computer communications from eavesdroppers.

The problem was found with the implementation of RC4, 
a program developed in 1987 which is frequently used 
to encode electronic messages into apparently 
meaningless data.

Researchers from the Weizmann Institute in Israel and 
US company Cisco discovered the weakness and used it 
to capture messages sent over wireless computer 
networks using WEP (Wired Equivalent Privacy), a set 
of rules designed to ensure security. The research 
does not mean that all software using RC4 is 
vulnerable, but it undermines the reputation of the 
algorithm.

"It is highly significant," says Ben Laurie, a UK 
computer engineer. "There is the general feeling that 
because RC4 is so fast, it sails close to the wind on 
security. There may be [other programs using RC4] that 
are affected."


Reverse engineering 


The problem lies with the RC4's Key Scheduling 
Algorithm, which is derived from a secret key, and is 
used to convert messages into code. The researchers 
found that, under certain circumstances, this process 
is predictable and discovered that with WEP they could 
reverse the process, discover the secret key and 
decipher all messages.

The weakness means that a message sent over some 
wireless networks can be uncovered in a matter of 
hours using a desktop computer. "After scanning 
several hundred thousand packets, the attacker can 
compute the secret key and thus decrypt all the 
ciphertexts," Shamir told New Scientist.

Other experts say that the discovery is likely cause 
some wireless networks to be redesigned and may also 
encourage those designing software to use different 
cryptographic tools.

The work will be presented at the Eighth Annual 
Workshop on Selected Areas in Cryptography in Toronto, 
Canada on 16 August. 
 


Best regards,
Alexander Moskalyuk
http://www.moskalyuk.com/
ICQ 44065387

More information about the Free-sklyarov mailing list