|
In cryptography, the Fluhrer, Mantin and Shamir attack is a stream cipher attack on the widely used RC4 stream cipher. The attack allows an attacker to recover the key in an RC4 encrypted stream from a large number of messages in that stream. The Fluhrer, Mantin and Shamir attack applies to specific key derivation methods, but does not apply in general to RC4-based SSL (TLS), since SSL generates the encryption keys it uses for RC4 by hashing, meaning that different SSL sessions have unrelated keys. However, the closely related bar mitzvah attack, based on the same research and revealed in 2015, does exploit those cases where weak keys are generated by the SSL keying process. ==Background== The Fluhrer, Mantin and Shamir (FMS) attack, published in their 2001 paper "Weaknesses in the Key Scheduling Algorithm of RC4",〔Fluhrer, S., Mantin, I., and A. Shamir, "(Weaknesses in the Key Scheduling Algorithm of RC4 )", Selected Areas of Cryptography: SAC 2001, Lecture Notes in Computer Science Vol. 2259, pp 1-24, 2001.〕 takes advantage of a weakness in the RC4 key scheduling algorithm to reconstruct the key from encrypted messages. The FMS attack gained popularity in network attack tools including AirSnort, weplab, and aircrack, which use it to recover the key used by WEP protected wireless networks. This discussion will use the below RC4 key scheduling algorithm (KSA). begin ksa(with int keylength, with byte key()) for i from 0 to 255 S() := i endfor j := 0 for i from 0 to 255 j := (j + S() + key(mod keylength )) mod 256 swap(S(),S()) endfor end The following pseudo-random generation algorithm (PRGA) will also be used. begin prga(with byte S()) i := 0 j := 0 while GeneratingOutput: i := (i + 1) mod 256 j := (j + S()) mod 256 swap(S(),S()) output S) mod 256] endwhile end 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Fluhrer, Mantin and Shamir attack」の詳細全文を読む スポンサード リンク
|