Exploits weaknesses in RC4 to mount a chosen-plaintext attack and recover the private key. The vulnerability is similar to the one used to crack WEP, but it targets schemes where the initialisation vector precedes the long term key.

dj311/rc4-key-recovery-attacks
Key Recovery Attacks on RC4

This repo includes a key recovery attack against a mock encryption scheme I've called RC4-CTR. The scheme builds a block cipher out of RC4 using ideas borrowed, badly, from AES's counter mode. The attack is similar to the WEP attack used by tools such as aircrack-ng, but here the initialisation vector is placed before the long-term key.

This is a chosen-plaintext attack that recovers the private key in around 100,000 blocks. It works when ephemeral keys are generated by concatenating a public nonce in front of the long-term key (à la Section 4.3 of "Attacks on the RC4 stream cipher" by Andreas Klein). Built this way, the scheme introduces a relationship between ephemeral keys. The key scheduling algorithm of RC4 isn't very strong, and its PRNG output leaks enough information about the key that related-key attacks do work. This attack code should be generalisable to any situation where ephemeral keys are generated by concatenating a known public nonce with the long-term key.
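To make the "relationship between ephemeral keys" concrete, here is an added illustration (my own code, not server.py or solve.py from this repo). It implements plain RC4, a mock RC4-CTR as I read the description above (block i is XORed with RC4 keystream under the per-block key nonce_i || K; the 16-byte block size, 3-byte counter nonce and function names are my assumptions), and shows the structural weakness: with the nonce in front, the first len(nonce) steps of the key schedule touch only public bytes, so the state S and index j at that point are computable by anyone, and the very next step depends on a single unknown byte, K[0]. It also shows the obvious fix for the key construction, deriving the per-block key with a hash so that no KSA step depends on public data alone (the derivation is mine; a real system should drop RC4 for an AEAD).

```python
import hashlib

BLOCK_SIZE = 16   # assumed block size for the mock RC4-CTR scheme
NONCE_LEN = 3     # assumed public counter width, WEP-style


def rc4_ksa(key: bytes, steps: int = 256):
    """RC4 key scheduling. With steps < 256 the partial state is returned,
    which is what makes the nonce-prefix weakness visible."""
    S = list(range(256))
    j = 0
    for i in range(steps):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S, j


def rc4_keystream(key: bytes, length: int) -> bytes:
    """RC4 PRGA: run the full KSA, then emit `length` keystream bytes."""
    S, _ = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def weak_block_key(nonce: bytes, long_term_key: bytes) -> bytes:
    """The construction the README describes: ephemeral key = nonce || K."""
    return nonce + long_term_key


def hardened_block_key(nonce: bytes, long_term_key: bytes) -> bytes:
    """Mitigation (my assumption, not the repo's): derive the per-block key
    through a hash so every KSA step depends on the secret. This removes the
    related-key structure; it does not fix RC4's other keystream biases."""
    return hashlib.sha256(b"rc4-ctr-block-key" + long_term_key + nonce).digest()


def nonce_prefix_state_is_public(nonce: bytes, long_term_key: bytes) -> bool:
    """Under nonce || K the first len(nonce) KSA steps only read nonce bytes,
    so (S, j) after those steps can be reproduced without knowing K at all.
    Step len(nonce) is then j += S[i] + K[0]: one unknown byte, which is the
    foothold the WEP/Klein-style key recovery builds on."""
    real = rc4_ksa(weak_block_key(nonce, long_term_key), steps=len(nonce))
    public = rc4_ksa(nonce, steps=len(nonce))
    return real == public


def encrypt_blocks(long_term_key: bytes, plaintext: bytes, key_fn):
    """Mock RC4-CTR: each block gets a public counter nonce and is XORed with
    RC4 keystream under key_fn(nonce, K). Returns a list of (nonce, ct)."""
    blocks = []
    for idx in range(0, len(plaintext), BLOCK_SIZE):
        block = plaintext[idx:idx + BLOCK_SIZE]
        nonce = (idx // BLOCK_SIZE).to_bytes(NONCE_LEN, "big")
        ks = rc4_keystream(key_fn(nonce, long_term_key), len(block))
        blocks.append((nonce, bytes(p ^ k for p, k in zip(block, ks))))
    return blocks


def decrypt_blocks(long_term_key: bytes, blocks, key_fn) -> bytes:
    """Inverse of encrypt_blocks; the nonce travels with each block."""
    out = bytearray()
    for nonce, ct in blocks:
        ks = rc4_keystream(key_fn(nonce, long_term_key), len(ct))
        out.extend(c ^ k for c, k in zip(ct, ks))
    return bytes(out)


if __name__ == "__main__":
    k1, k2 = b"correct horse", b"battery staple"   # constructed sample keys
    nonce = b"\x00\x00\x07"
    # Same public nonce, different secrets: identical KSA state after 3 steps.
    print("weak prefix public:", nonce_prefix_state_is_public(nonce, k1))
    print("weak prefix equal for k1/k2:",
          rc4_ksa(weak_block_key(nonce, k1), 3) == rc4_ksa(weak_block_key(nonce, k2), 3))
    print("hardened prefix equal for k1/k2:",
          rc4_ksa(hardened_block_key(nonce, k1), 3) == rc4_ksa(hardened_block_key(nonce, k2), 3))
    msg = b"the quick brown fox jumps over the lazy dog"
    ct = encrypt_blocks(k1, msg, weak_block_key)
    print("roundtrip:", decrypt_blocks(k1, ct, weak_block_key) == msg)
```

Running it prints that the weak prefix state is public and identical for the two unrelated keys, while the hashed derivation gives different partial states. The defender's takeaway is the same one WPA/TKIP drew from WEP: a per-message key must be mixed through the whole secret, never formed by gluing a public value in front of it.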

  • server.py implements the encryption scheme, exposed via an API endpoint. Check the docstring and source code for a description of the scheme.
  • solve.py implements the attack. Check the docstring and source code for implementation details on how the attack works.
  • attack.md is a write-up of the attack, intended to accompany and explain the code in solve.py (work-in-progress).

This was all written as a learning exercise, and I've tried to document how and why it works. Hopefully this is a useful accompaniment to the original paper.

There is a live version of the server on my website. You can extract its key by running:

$ python3 solve.py --cache=samples-djwj.csv --server=https://danielwilshirejones.com

Be warned, the call above is slow and probably not worth it. It takes me over 100 times longer to run the attack on a remote server compared with locally.
