IBM recently issued a security bulletin for a newly discovered security vulnerability, a weak cryptography algorithm in the SSL/TLS protocol stack, that could allow hackers to steal data. The vulnerability was discovered by Itsik Mantin, director of security research at Imperva.
The Bar Mitzvah attack uses “a 13-year-old vulnerability of RC4 that is based on huge classes of RC4 weak keys.” Mantin demonstrates how the vulnerability “can be used to mount several partial plaintext recovery attacks on SSL-protected data when RC4 is the cipher of choice, recovering part of secrets such as session cookies, passwords, and credit card numbers.”
Despite the well-known problems with the RC4 cipher, it is still used to protect 30 percent of SSL traffic, Mantin says, “likely amounting to billions of TLS connections every day.” (TLS refers to a more advanced version of Secure Sockets Layer encryption, and is essentially a new name for SSL.) It is clear that it’s time to stop using RC4.
That’s exactly what IBM recommends doing in its security bulletin on the matter. Instead of issuing a patch or a PTF that removes RC4 from the various SSL/TLS implementations on IBM i, IBM’s workaround recommends disabling RC4.
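Two checks a defender would want alongside that advice, written here as an added example rather than code from IBM's bulletin or Imperva's research: a parser that pulls the negotiated cipher suite out of a captured TLS ServerHello record and flags it if it is one of the RC4 suites (so you can confirm from traffic, not just configuration, that RC4 is really gone), and a helper that strips RC4 entries from an OpenSSL-style cipher string and appends `!RC4`. The suite codes are the IANA assignments for the common RC4 suites; the ServerHello bytes are constructed in the block for illustration.

```python
import struct

# IANA TLS cipher-suite codes whose bulk cipher is RC4 (a subset; any
# suite with "RC4" in its name should be treated the same way).
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x0018: "TLS_DH_anon_WITH_RC4_128_MD5",
    0xC002: "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC00C: "TLS_ECDH_RSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
    0xC016: "TLS_ECDH_anon_WITH_RC4_128_SHA",
}


def negotiated_cipher_suite(record: bytes) -> int:
    """Return the cipher suite chosen by the server from a raw TLS record
    that carries a ServerHello handshake message."""
    if len(record) < 5 or record[0] != 0x16:          # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x02:              # 0x02 = ServerHello
        raise ValueError("record does not contain a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    # ServerHello layout: version(2) random(32) session_id_len(1) session_id(n) cipher_suite(2)
    if len(hello) < 35:
        raise ValueError("truncated ServerHello")
    sid_len = hello[34]
    off = 35 + sid_len
    if len(hello) < off + 2:
        raise ValueError("truncated ServerHello")
    return struct.unpack("!H", hello[off:off + 2])[0]


def uses_rc4(suite: int) -> bool:
    """True when the negotiated suite is one of the known RC4 suites."""
    return suite in RC4_SUITES


def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Construct a minimal TLS 1.2 ServerHello record (constructed sample
    input for this example, not captured traffic)."""
    hello = (b"\x03\x03" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!H", suite) + b"\x00")    # trailing 0x00 = null compression
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x03" + struct.pack("!H", len(handshake)) + handshake


def harden_cipher_string(cipher_string: str) -> str:
    """Remove RC4 entries from an OpenSSL-style cipher list and add the
    explicit '!RC4' exclusion so RC4 cannot come back via an alias."""
    parts = [p for p in cipher_string.split(":") if p and "RC4" not in p.upper()]
    parts.append("!RC4")
    return ":".join(parts)


if __name__ == "__main__":
    weak = build_server_hello(0x0005)                       # TLS_RSA_WITH_RC4_128_SHA
    strong = build_server_hello(0xC02F, session_id=b"\x01" * 8)
    for rec in (weak, strong):
        suite = negotiated_cipher_suite(rec)
        print(f"suite 0x{suite:04X} rc4={uses_rc4(suite)}")
    print(harden_cipher_string("ECDHE-RSA-AES128-GCM-SHA256:RC4-SHA:AES128-SHA"))
```

Run over a packet capture, `negotiated_cipher_suite` applied to each ServerHello tells you which connections still end up on RC4 after the configuration change; `harden_cipher_string` is the configuration side for any component that takes an OpenSSL cipher list.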
Mantin adds: “As known for quite many years, RC4 is a weak encryption algorithm, and the fact that it is still used in situations where there are safer alternatives (in TLS for example) is quite surprising.
Several research efforts in recent years, the Bar-Mitzvah attack being the most recent one, have bridged the gap between cipher vulnerabilities and actual attacks on actual usages of RC4, and led to the understanding in the industry that using RC4 in TLS exposes the protected data to leakage in several scenarios.
IBM follows other companies (Microsoft, Imperva and others) and standardization bodies (IETF issuing RFC 7465) in taking action to remove RC4 from the permissible ciphers list in TLS connections.”