This study was performed by computer scientists at CNRS, Inria Nancy-Grand Est, Inria Paris-Rocquencourt, Microsoft Research, Johns Hopkins University, University of Michigan, and the University of Pennsylvania: David Adrian , Karthikeyan Bhargavan , Zakir Durumeric , Pierrick Gaudry , Matthew Green , J. Alex Halderman , Nadia Heninger , Drew Springall , Emmanuel Thomé , Luke Valenta , Benjamin VanderSloot , Eric Wustrow , Santiago Zanella-Beguelin , and Paul Zimmermann . The team can be contacted at weakdh-team@ .
The single-byte bias attack on RC4 was announced on 12th March 2013 during Dan Bernstein's invited talk at FSE 2013 . Further information about biases in the RC4 keystream can be found in this slide-deck showing the distributions of the first 256 output bytes from the RC4 generator (based on 2 44 random 128-bit keys). Raw data for 2 45 random 128-bit keys can be found in this file . Further information about biases in the RC4 keystream for WPA/TKIP keys can be found in this slide-deck showing the distributions of the first 256 output bytes from the RC4 generator (based on 2 41 WPA/TKIP keys). Full details of our attacks can be found in our research paper . A high-level overview of the results can be obtained by reading our USENIX Security 2013 presentation . Video for this talk is available on the USENIX Security 2013 website . If you have remaining questions after having studied these resources, please contact us via e-mail.