Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Devise New Attack Techniques Against SSL

Posted by samzenpus on from the protect-ya-neck dept.

alphadogg writes "The developers of many SSL libraries are releasing patches for a vulnerability that could potentially be exploited to recover plaintext information, such as browser authentication cookies, from encrypted communications.The patching effort follows the discovery of new ways to attack SSL, TLS and DTLS implementations that use cipher-block-chaining (CBC) mode encryption. The new attack methods were developed by researchers at the University of London's Royal Holloway College. The men published a research paper and a website on Monday with detailed information about their new attacks, which they have dubbed the Lucky Thirteen. They've worked with several TLS library vendors, as well as the TLS Working Group of the IETF, to fix the issue."

4 of 33 comments (clear)

  1. I'm safe by GloomE · · Score: 5, Funny

    The attack relies on the slight difference in processing time of certain packets.
    My ISP is so over-subscribed that latency here varies from packet to packet by 1 second.
    They are obviously doing this on purpose to protect their clients.

  2. Re:Could this be the NSA's secret crack? by Anonymous Coward · · Score: 3, Informative

    No.

    Paranoid though I am, this is a timing attack needing multiple packets. Not something you can do 'offline'

  3. Re:Could this be the NSA's secret crack? by Anonymous Coward · · Score: 5, Insightful

    Yes, the NSA has broken AES, which is why all of the encryption standards they use for their secrets are based on it. Beccause, if they can break it, there's no way someone like, I don't know, China could.

    I consider myself on the paranoid side of tech, but even I treat rumors about the NSA seccretly breaking low level schemes the same way I treat rumors about UFOs.

  4. New Timing Attack by cryptizard · · Score: 5, Informative

    For lazy people a quick overview of this attack is that it uses very small differences between the amount of time it takes to decrypt a correctly padded TLS record and the time it takes to reject an incorrectly padded record (think of the padding as kind of a checksum). An attacker can modify encrypted records, send them to the server and discover whether the decryption is correctly padded or not based on the amount of time it takes to respond. With this knowledge, an attacker can interactively decrypt a record bit by bit, testing the padding over and over.

    It only works in datagram TLS (DTLS) because regular TLS terminates a session after one incorrectly padded message. It also only works over LAN where you can get really precise timing.