Bar mitzvah attack

The bar mitzvah attack is an attack on the SSL/TLS protocols that exploits the use of the RC4 cipher with weak keys for that cipher. While this affects only the first hundred or so bytes of only the very small fraction of connections that happen to use weak keys, it allows significant compromise of user security, for example by allowing the interception of password information which could then be used for long-term exploitation.

The attack uses a vulnerability in RC4 described as the invariance weakness by Fluhrer et al. in their 2001 paper on RC4 weaknesses, also known as the FMS attack.

The attack is named after the bar mitzvah ceremony which is held at 13 years of age, because the vulnerability exploited is 13 years old and likely inspired by the naming of the unrelated birthday attack.