On the security of RC4 in TLS

N.J. AlFardan, D.J. Bernstein, K.G. Paterson, B. Poettering, J.C.N. Schuldt

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

145 Citations (Scopus)
203 Downloads (Pure)


The Transport Layer Security (TLS) protocol aims to provide confidentiality and integrity of data in transit across untrusted networks. TLS has become the de facto protocol standard for secured Internet and mobile applications. TLS supports several symmetric encryption options, including a scheme based on the RC4 stream cipher. In this paper, we present ciphertext-only plain-text recovery attacks against TLS when RC4 is selected for encryption. Our attacks build on recent advances in the statistical analysis of RC4, and on new findings announced in this paper. Our results are supported by an experimental evaluation of the feasibility of the attacks. We also discuss countermeasures.
Original languageEnglish
Title of host publication22nd USENIX Security Symposium (Washington DC, USA, August 14-16, 2013)
EditorsS. Kling
Place of PublicationBerkeley
PublisherUsenix Association
ISBN (Print)978-1-931971-03-4
Publication statusPublished - 2013


Dive into the research topics of 'On the security of RC4 in TLS'. Together they form a unique fingerprint.

Cite this