Vulnerabilities of Stream Ciphers
- Some known incidents where key reuse led to attacks on the encryption:
- During WWI, the U.S. initiated a counterintelligence program named the Venona Project, whose purpose was to decrypt messages transmitted by the intelligence agencies of the Soviet Union. U.S. cryptanalysts discovered that the Soviets had produced around 35,000 pages of duplicate keys.
- The WEP (Wired Equivalent Privacy) protocol, which was intended to provide security for wireless networks (WiFi), is nowadays deemed insecure because of key reuse, too.
- Each key in this encryption method is built from two parts: an Initialization Vector (IV), which is a random number, and a key (which never changed). The digits of the vector were appended to the left of the key (in the form VVV...VVKKK...KK), and this long number, called the seed, was XORed with the plaintext.
- The problem was that the vector is only 24 bits in size, so it repeats after about 16 million packets (which actually isn't a lot given a computer's speed).
- This vulnerability was discovered in 2001, 4 years after the protocol was created.
- WEP was eventually replaced by WPA2, which is the most secure WiFi encryption solution today.
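Both incidents above come down to the same arithmetic: if two messages are encrypted under the same keystream, XORing the ciphertexts cancels the keystream and leaves the XOR of the two plaintexts. The following Python example is added here to illustrate that, and the 24-bit IV budget, in code; it is not part of the original notes and does not reproduce WEP's real keystream generator (which the notes do not name). Instead it assumes a toy SHA-256 counter-mode expander as the stand-in generator, builds the seed as IV || key exactly as described above, and then shows what leaks on IV reuse, how many packets a sequential 24-bit IV lasts, how soon a randomly chosen IV is expected to collide, and a defender-side scan that flags IV reuse in a captured sequence. All sample plaintexts, keys and IV lists are constructed for the example.

```python
import hashlib
import math
from itertools import count

IV_BITS = 24                  # WEP's IV size, as given in the notes
IV_SPACE = 1 << IV_BITS       # 2**24 = 16,777,216 possible IVs


def keystream(seed: bytes, length: int) -> bytes:
    """Toy keystream generator (assumption, stands in for the real one):
    expand the seed with SHA-256 in counter mode. Any deterministic
    generator shows the same reuse flaw, because the same seed always
    yields the same keystream."""
    out = bytearray()
    for block in count():
        out += hashlib.sha256(seed + block.to_bytes(4, "big")).digest()
        if len(out) >= length:
            break
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR of two equal-length byte strings."""
    assert len(a) == len(b)
    return bytes(x ^ y for x, y in zip(a, b))


def wep_style_encrypt(iv: bytes, key: bytes, plaintext: bytes) -> bytes:
    """Seed = IV prepended to the static key (VVV...VVKKK...KK), then the
    keystream derived from the seed is XORed with the plaintext."""
    seed = iv + key
    return xor_bytes(plaintext, keystream(seed, len(plaintext)))


def leak_from_reuse(c1: bytes, c2: bytes) -> bytes:
    """What an eavesdropper learns from two ciphertexts that share a seed:
    c1 XOR c2 == p1 XOR p2, with the keystream cancelled out entirely."""
    return xor_bytes(c1, c2)


def sequential_iv_wraps_after() -> int:
    """A counter IV can produce this many packets before it must repeat."""
    return IV_SPACE


def expected_packets_to_first_random_collision(bits: int = IV_BITS) -> float:
    """Birthday estimate: with IVs drawn at random from 2**bits values,
    the first repeat is expected after about sqrt(pi * N / 2) packets."""
    return math.sqrt(math.pi * (1 << bits) / 2)


def collision_probability(bits: int, packets: int) -> float:
    """Probability that at least one IV repeats among `packets` random IVs."""
    n = 1 << bits
    return 1.0 - math.exp(-packets * (packets - 1) / (2 * n))


def find_iv_reuse(ivs):
    """Defender-side scan over captured IVs: returns a list of
    (first_index, repeat_index) pairs for every reused IV value."""
    seen = {}
    reuse = []
    for idx, iv in enumerate(ivs):
        if iv in seen:
            reuse.append((seen[iv], idx))
        else:
            seen[iv] = idx
    return reuse


if __name__ == "__main__":
    # Constructed demo values (not real traffic).
    key = b"static-key"
    iv = (0xABCDEF).to_bytes(3, "big")
    p1 = b"ATTACK AT DAWN.."
    p2 = b"RETREAT AT NOON."
    c1 = wep_style_encrypt(iv, key, p1)
    c2 = wep_style_encrypt(iv, key, p2)
    print("reuse leaks p1^p2:", leak_from_reuse(c1, c2) == xor_bytes(p1, p2))
    print("sequential IV wraps after", sequential_iv_wraps_after(), "packets")
    print("random IV expected repeat after ~%.0f packets"
          % expected_packets_to_first_random_collision())
    print("reused IVs in capture:", find_iv_reuse([1, 2, 3, 2, 4, 1]))
```

The two numbers worth remembering are the ones the code returns: a sequential IV lasts exactly 16,777,216 packets, but a randomly chosen one is expected to repeat after only about five thousand, and once any two packets share an IV under the same static key the keystream cancels and the XOR of the two plaintexts is exposed to anyone on the air. The `find_iv_reuse` scan is the kind of check a monitoring tool can run over captured headers to detect that condition.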