On Thursday, March 12 at 1:30 pm, Loria will host Kenny Paterson of the Information Security Group at Royal Holloway (University of London) as part of the next security seminar. He will give a talk entitled "Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS". The talk will be in English.
Abstract (in English):
Despite recent high-profile attacks on the RC4 algorithm in TLS, its usage is still running at about 30% of all TLS traffic. This is attributable to the lack of practicality of the existing attacks, the desire to support legacy implementations, and resistance to change. We provide new attacks against RC4 in TLS that are focussed on recovering user passwords, still the pre-eminent means of user authentication on the Web today. Our attacks rely on similar statistical analysis to the existing attacks, but exploit specific features of the password setting to produce attacks that are much closer to being practical. We report on extensive simulations that illustrate this. We also report on two proof of concept implementations of the attacks for specific application layer protocols, namely BasicAuth and IMAP. Our work validates the truism that attacks only get better with time.
See the programme of security seminars at Loria