[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RC4 still sucks in the year 2014 - A Practical Attack Against the HIVE Hidden Volume Encryption System

To: cpunks <[email protected]>
Subject: RC4 still sucks in the year 2014 - A Practical Attack Against the HIVE Hidden Volume Encryption System
From: [email protected] (coderman)
Date: Mon, 3 Nov 2014 11:02:48 -0800

"""
A Practical Attack Against the HIVE Hidden Volume Encryption System

Kenneth G. Paterson and Mario Strefler

Abstract: The HIVE hidden volume encryption system was proposed by
Blass et al. at ACM-CCS 2014. Even though HIVE has a security proof,
this paper demonstrates an attack on its implementation that breaks
the main security property claimed for the system by its authors,
namely plausible hiding against arbitrary-access adversaries. Our
attack is possible because of HIVE's reliance on the RC4 stream cipher
to fill unused blocks with pseudorandom data. While the attack can be
easily eliminated by using a better pseudorandom generator, it serves
as an example of why RC4 should be avoided in all new applications and
a reminder that one has to be careful when instantiating primitives.
"""
 - http://eprint.iacr.org/2014/901

Prev by Date: are USB floppies toxic?
Next by Date: POTUS jammin'
Previous by thread: Crypto War Redux
Next by thread: on list moderation of great justice [was: [oss-security] list policy (Re: Truly scary SSL 3.0 vuln to be revealed soon:) ]
Index(es):
- Date
- Thread