Is RC4 actually secure?

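WEP has already been dropped by the routers manufactured today, because of the security problems caused by the way it uses the IV and RC4. I ran a crack on a PC in my school lab and recovered the password of a wireless router using WEP in 2 minutes. Below is what the wiki says (forgive me, I'm too lazy to translate it).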
Wired Equivalent Privacy
Because RC4 is a stream cipher, the same traffic key must never be used twice. The purpose of an IV, which is transmitted as plain text, is to prevent any repetition, but a 24-bit IV is not long enough to ensure this on a busy network. The way the IV was used also opened WEP to a related key attack. For a 24-bit IV, there is a 50% probability the same IV will repeat after 5000 packets.
5000 packets really is not many.
This high repetition rate is the precondition for the attack mentioned below.
RC4
Fluhrer, Mantin and Shamir attack
In 2001, a new and surprising discovery was made by Fluhrer, Mantin and Shamir: over all possible RC4 keys, the statistics for the first few bytes of output keystream are strongly non-random, leaking information about the key. If the long-term key and nonce are simply concatenated to generate the RC4 key, this long-term key can be discovered by analysing a large number of messages encrypted with this key.
This attack is the theoretical basis for the attack on WEP.
There are also the following grim facts:
As of 2015, there is speculation that some state cryptologic agencies may possess the capability to break RC4 even when used in the TLS protocol. Mozilla and Microsoft recommend disabling RC4 where possible. RFC 7465 prohibits the use of RC4 in TLS.
A while ago there was also this attack; see the column article by @秋翎:
Re-examining the Security of the RC4 Algorithm - 勿忘是分享苹果的地方 - Column
My personal advice: if you can avoid RC4, just don't use it...
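
The IV-repetition problem quoted in the answer above, worked through as an added example (not part of the original answer or of any WEP implementation): it computes the birthday bound for a 24-bit IV and shows that two packets sharing an IV share a keystream. The root key, IV and packet contents are constructed sample values, and the function names are illustrative.

```python
import math

IV_BITS = 24  # WEP IV size, from the quoted text

def rc4(key: bytes, n: int) -> bytes:
    """Return the first n RC4 keystream bytes for key (KSA, then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def wep_style_encrypt(iv: bytes, root_key: bytes, plaintext: bytes) -> bytes:
    """Per-packet RC4 key = IV || root key (simple concatenation)."""
    return xor(plaintext, rc4(iv + root_key, len(plaintext)))

def iv_collision_probability(packets: int, iv_bits: int = IV_BITS) -> float:
    """Birthday bound: P(at least one repeated IV), assuming uniformly random IVs."""
    return 1.0 - math.exp(-packets * (packets - 1) / (2.0 * 2 ** iv_bits))

def packets_for_probability(p: float, iv_bits: int = IV_BITS) -> int:
    """Smallest packet count whose collision probability reaches p."""
    n = 1
    while iv_collision_probability(n, iv_bits) < p:
        n += 1
    return n

# Constructed sample data: a 40-bit root key and two packets that share one IV.
ROOT_KEY = bytes.fromhex("0102030405")
IV = bytes.fromhex("a1b2c3")
P1, P2 = b"GET /index.html ", b"user=alice&x=42 "
C1, C2 = (wep_style_encrypt(IV, ROOT_KEY, p) for p in (P1, P2))

if __name__ == "__main__":
    print("packets for 50% IV repeat:", packets_for_probability(0.5))
    # Same IV means same keystream, so the key cancels out of C1 xor C2.
    print("C1^C2 == P1^P2:", xor(C1, C2) == xor(P1, P2))
```

The mitigation is the one the answer gives: move off WEP and RC4 to a protocol whose nonce space cannot wrap in normal traffic.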

■ Netizen
Relatively insecure; use of RC4 is generally being reduced nowadays.

