Bar-Mitzvah Attack - Breaking SSL with 13-Year Old RC4 Weakness

Explore the vulnerabilities of RC4 encryption in SSL/TLS sessions through this Black Hat conference talk. Delve into the "Bar-Mitzva Attack," which exploits a 13-year-old weakness in RC4 to partially recover plaintext from SSL-protected data. Learn how this attack differs from previous SSL vulnerabilities like BEAST, POODLE, and CRIME, as it can potentially steal permanent secret data such as account credentials. Discover the unique aspects of this attack, including its ability to work with passive eavesdropping and recover parts of secrets transmitted only once. Examine the RC4 algorithm, its initialization process, and inherent weaknesses like the Invariance Weakness and Weak Key Classes. Understand the attack's basic scenario, LSB leakage, and its applications for weak passwords and credit card numbers. Compare this method to BEAST-like attacks and gain insights into the broader implications for SSL security.

Intro
Why Bar Mitzvah?
TLS Objectives
TLS Security
RC4 Usage in TLS
Stream Ciphers
RC4 Algorithm
RC4 (In)Randomness
RC4 Initialization
The Invariance Weakness
Weak Key Classes
Plaintext Leakage
The Attack Basic Scenario
LSB Leakage
LSB for Weak Passwords
LSB for Credit Card Numbers
BEAST-like Attack
Summary
Conclusions