«
Expand/Collapse
17 items tagged "technique"
Related tags:
new [+],
hacks [+],
wep [+],
recovery [+],
martin vuagnoux [+],
linear correlations [+],
encrypted packets [+],
chaos communication congress [+],
txt [+],
reverse engineering [+],
exploitation [+],
engineering [+],
cnc [+],
card access [+],
aiko tags [+],
whitepaper [+],
web [+],
way [+],
usa [+],
steganography [+],
sql injection [+],
soda [+],
slides [+],
sehop [+],
reprap [+],
relies [+],
quick blindsql [+],
pop pop [+],
pop [+],
plywood [+],
plastic soda bottle [+],
patrick thomas tags [+],
order of magnitude [+],
more [+],
misc [+],
medical [+],
magnitude improvements [+],
liter soda bottles [+],
letter shapes [+],
lattice [+],
laser [+],
jamie mantzel [+],
itzhak avraham tags [+],
itzhak [+],
hack [+],
group [+],
glass walls [+],
glass [+],
ghost [+],
fear [+],
fabrication technique [+],
exploitation technique [+],
e commerce software [+],
domain names [+],
diamond shapes [+],
defense mechanisms [+],
deep thinkers [+],
coating [+],
body scanners [+],
black hat [+],
asia [+],
application [+],
aiko [+],
Learn [+],
ARM [+],
3d prints [+],
3d extrusion [+]
-
-
![Permalink for '[Video] News Key Recovery Attacks on RC4/WEP'](/themes/lilina/web//media/mark_off.gif)
14:48
»
SecDocs
Authors:
Martin Vuagnoux Tags:
WiFi Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4. With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9,800 encrypted packets (less than 20 seconds), instead of 24,200 for the best previous attack.
-
14:35
»
SecDocs
Authors:
Martin Vuagnoux Tags:
WiFi Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4. With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9,800 encrypted packets (less than 20 seconds), instead of 24,200 for the best previous attack.
-
14:34
»
SecDocs
Authors:
Martin Vuagnoux Tags:
WiFi Event:
Chaos Communication Congress 27th (27C3) 2010 Abstract: In this paper, we present several weaknesses in the stream cipher RC4. First, we present a technique to automatically reveal linear correlations in the PRGA of RC4. With this method, 48 new exploitable correlations have been discovered. Then we bind these new biases in the PRGA with known KSA weaknesses to provide practical key recovery attacks. Henceforth, we apply a similar technique on RC4 as a black box, i.e. the secret key words as input and the keystream words as output. Our objective is to exhaustively find linear correlations between these elements. Thanks to this technique, 9 new exploitable correlations have been revealed. Finally, we exploit these weaknesses on RC4 to some practical examples, such as the WEP protocol. We show that these correlations lead to a key recovery attack on WEP with only 9,800 encrypted packets (less than 20 seconds), instead of 24,200 for the best previous attack.
-
-
14:01
»
Hack a Day
Some of the deep thinkers over at MIT have come up with an interesting hack for ordinary glass. If you coat it in a special way it becomes nearly invisible. This is only one of the effects of the coating, but brings images of people walking through glass walls to our minds. Joking aside, this [...]
-
-
12:01
»
Hack a Day
Here’s a laser cutting technique that makes thin plywood bendable. By cutting away elongated diamond shapes from the material, a lattice of strips connected minimally by alternating tabs is left over. The wood is then bendable, and it must be somewhat durable since the idea came from a product that uses the technique as a [...]
-
-
11:01
»
Hack a Day
This is a screenshot from a video tutorial on making your own prosthetic parts from 2-liter soda bottles. The opaque white part is a mold made of plaster. It’s a representation of the wearer’s limb, and provides the hard, heat-resistant form necessary for this manufacturing technique. You can see the clear plastic soda bottle which fits over [...]
-
-
14:01
»
Hack a Day
[Jamie Mantzel] figured out his own way of 3D printing large objects without fear of warping. First a bit of background information. When using a 3D extrusion printer like the RepRap or Makerbot, prints that span a large area tend to warp. That’s because these printers lay down one thin layer of plastic at a [...]
-
-
6:35
»
SecDocs
Authors:
Patrick Thomas Tags:
web application fingerprinting Event:
Black Hat USA 2010 Abstract: Standard known web applications such as blogging, forum and e-commerce software make up over half of the active web applications on the Internet. Vulnerabilities in these applications (and their plugins) are discovered at an accelerated rate and abused for site defacement and increasingly to serve malware. Website administrators need to keep track of the versions of these web applications installed and update them to a non-vulnerable release. Remote web application fingerprinting is a technique to identify the version of a known web application through only its publicly available files and to use the data to report on vulnerabilities of the application. The presentation will detail the steps in this fingerprinting process, including full automation from database seeding to remote probing. It will then illustrate use of the detection technique on a number of well known websites to show what applications and plugins are installed and what vulnerabilities are resident on these sites. The presentation will discuss how our techniques are able to produce order of magnitude improvements over existing implementations. In conjunction with this talk, I will also release a free community tool implementing the described techniques with more examples.
-
-
21:25
»
SecDocs
-
-
7:59
»
SecDocs
