pixel_dreams - Fotolia

Problem solve Get help with specific problems with your technologies, process and projects.

Bar Mitzvah attack: Time to ditch the RC4 algorithm?

The Bar Mitzvah attack exploits weaknesses in the RC4 algorithm. Expert Nick Lewis explains why migrating from RC4 is better than adding additional security controls to secure it.

I've heard about the "Bar Mitzvah attack" that exploits weak keys used by the RC4 algorithm. My organization uses RC4 and is reluctant to move off it because of performance concerns. How serious are the risks around RC4, and is there anything else my enterprise can do to maintain the security of RC4?

This is a good example of using data to drive decisions around information security risks. I am curious more about the performance concerns of RC4 alternatives and the costs associated with the potential additional processing power necessary to address these concerns. These costs may be reasonably calculated -- for example, if you have eight servers in a load-balanced cluster for a high-volume Web application and you now need two additional servers to handle the same load, those two servers would be a hard cost. Likewise, the cost to switching off of using the RC4 algorithm could also be calculated.

The "Bar Mitzvah attack" requires a sniffer or man-in-the-middle attack to passively collect data and extract parts of the plaintext key and some of the plaintext data. Based on this data, the attacker is then able to reduce the time needed to break the encryption to get access to all of the plaintext data.

If your enterprise does not want to replace the RC4 algorithm, it should note that maintaining the security of the environment will require making other improvements to how SSL and TLS are used, so it is worth the additional effort to migrate away from RC4 in general.

The RC4 algorithm has been known to be weak for the last decade; enterprises should start planning to migrate to AES as soon as possible. While the algorithm is not completely broken, an attack that makes using RC4 futile is only a short time away. Rather than needing an emergency to replace RC4, careful planning to replace it now with AES should be done. Also, RC4 is used in more than just SSL -- it is also in wireless encryption -- so identifying where the RC4 algorithm is used in the enterprise will be one of the first steps to making the change.

Ask the Expert:
Want to ask Nick Lewis a question about enterprise threats? Submit your question now via email. (All questions are anonymous.)

Next Steps

Learn more about the RC4 algorithm and its alternatives

Don't miss SearchSecurity's encryption and cryptography primer

This was last published in October 2015

Dig Deeper on Malware, virus, Trojan and spyware protection and removal