New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic

campuscodi writes: Dutch security researcher Guido Vranken has published a paper [PDF] in which he details a new attack on TLS/SSL-encrypted traffic, one that can potentially allow attackers to extract some information from HTTPS data streams. Attackers could extract the length of a password from TLS packets, and then use this information to simplify brute-force attacks. The new HTTPS Bicycle Attack can also be used retroactively on HTTPS traffic logged several years ago. Hello NSA!

How useful really is password length?

[Sowelu]

Seems to me that if you wanted to brute force something, you'd start with the minimum size allowed and go up from there. If there's 50 different characters allowed for any letter of a password, then testing all possible 7-length passwords takes 1/50th the time as testing all possible 8-length passwords, and so on. Negligible.

I guess it could be useful to know whether or not a given password IS brute forceable, though, and give you a rough ETA. An attacker could say "huh, this guy only has a 6 letter password, we can grab that in a minute", or "this guy has a length 20 password, we have no chance".

Re:How useful really is password length?

If you're targeting an individual user, you can look at their password lengths across multiple sites (to attack them where they're weakest, for example)

If you're targeting one *site*, you can look at the password lengths across all the users and attack the users (or subset of users, like admins or influential users) with the shortest passwords.

Only valid for stream ciphers.

[guruevi]

Not sure how he would get the results with block ciphers but the paper only describes stream ciphers. That's the reason we don't use stream ciphers for HTTPS but rather block ciphers. Stream ciphers should simply never be used where keys repeat.