“Lucky Thirteen” attack snarfs cookies protected by SSL encryption (ars technica)
[Security] Posted Feb 4, 2013 20:33 UTC (Mon) by jake
Ars technica reports on a weakness found in various open source (and possibly proprietary) SSL/TLS implementations (e.g. OpenSSL, NSS). Exploiting it is fairly difficult, but it allows attackers to decrypt the ciphertext.
"The attacks start by capturing the ciphertext as it travels over the Internet. Using a long-discovered weakness in TLS's CBC, or cipher block chaining, mode, attackers replace the last several blocks with chosen blocks and observe the amount of time it takes for the server to respond. TLS messages that contain the correct padding will take less time to process. A mechanism in TLS causes the transaction to fail each time the application encounters a TLS message that contains tampered data, requiring attackers to repeatedly send malformed messages in a new session following each previous failure. By sending large numbers of TLS messages and statistically sampling the server response time for each one, the scientists were able to eventually correctly guess the contents of the ciphertext."
Comments (5 posted)