If I had a dime for every penny of damage caused when people downplay the practicality of attacks against deployed crypto...
75 hours is enough time to attack a laptop left plugged in at the office over a 3-day weekend, and there's no reason why you'd have to attack only one laptop at a time.
The paper also says, "capturing traffic for 52 hours already proved to be sufficient", so it's not like 75 hours is some hard minimum.
Also:
"Our attack is not limited to decrypting cookies. Any data or information that is repeatedly encrypted can be recovered."
"We can break a WPA-TKIP network within an hour."
RC4 is dead, dead, dead. As with MD5, the writing's been on the wall for a while now, and attacks are only going to get better.
Yes, but we present several techniques on how to generate these amounts of data. For TLS and HTTPS you can use JavaScript. For WPA-TKIP you need control of one TCP connection, and that is enough to generate the data. We're not saying it's a point and click attack, but it's a very good reason to start worrying :)
If I had a dime for every penny of damage caused when people downplay the practicality of attacks against deployed crypto...
75 hours is enough time to attack a laptop left plugged in at the office over a 3-day weekend, and there's no reason why you'd have to attack only one laptop at a time.
The paper also says, "capturing traffic for 52 hours already proved to be sufficient", so it's not like 75 hours is some hard minimum.
Also:
"Our attack is not limited to decrypting cookies. Any data or information that is repeatedly encrypted can be recovered."
"We can break a WPA-TKIP network within an hour."
RC4 is dead, dead, dead. As with MD5, the writing's been on the wall for a while now, and attacks are only going to get better.