Slashdot Mirror


New HTTPS Bicycle Attack Reveals Details About Passwords From Encrypted Traffic (softpedia.com)

campuscodi writes: Dutch security researcher Guido Vranken has published a paper [PDF] in which he details a new attack on TLS/SSL-encrypted traffic, one that can potentially allow attackers to extract some information from HTTPS data streams. Attackers could extract the length of a password from TLS packets, and then use this information to simplify brute-force attacks. The new HTTPS Bicycle Attack can also be used retroactively on HTTPS traffic logged several years ago. Hello NSA!

11 of 78 comments

  1. How useful really is password length? by Sowelu · Score: 4, Insightful

    Seems to me that if you wanted to brute force something, you'd start with the minimum size allowed and go up from there. If there's 50 different characters allowed for any letter of a password, then testing all possible 7-length passwords takes 1/50th the time as testing all possible 8-length passwords, and so on. Negligible.

    I guess it could be useful to know whether or not a given password IS brute forceable, though, and give you a rough ETA. An attacker could say "huh, this guy only has a 6 letter password, we can grab that in a minute", or "this guy has a length 20 password, we have no chance".

    1. Re:How useful really is password length? by Anonymous Coward · Score: 2, Insightful

      If you're targeting an individual user, you can look at their password lengths across multiple sites (to attack them where they're weakest, for example).

      If you're targeting one *site*, you can look at the password lengths across all the users and attack the users (or subset of users, like admins or influential users) with the shortest passwords.

    2. Re:How useful really is password length? by mspohr · Score: 2

      "I think this attack is probably going to be minimally useful at best, and even then only for very short, stupid passwords."

      ... which are already susceptible to simple brute force attacks.

      --
      I don't read your sig. Why are you reading mine?
    3. Re:How useful really is password length? by antifoidulus · Score: 2

      You could also use the information to try to phish the users. "We noticed that your password is only x characters long, in order to increase security we are requiring passwords of at least x+y characters long, please click this link to reset your password"

    4. Re:How useful really is password length? by maugle · Score: 2

      It is still a very useful tool, though. As the GP pointed out, it allows for more effective use of computing resources by knowing in advance which passwords can and can not be feasibly cracked, and applying brute force attacks at only the crackable ones.

    5. Re: How useful really is password length? by Bengie · Score: 2

      With a semi-decent password, knowing the length would still take Universe ages. When it comes to bruteforcing, knowing the length doesn't save much time. Every character added to the password length increases the number of combinations by the magnitude of the alphabet size. Assuming you're using a full 92 char alphabet, let's assume 100 chars, a 12 char password is 100 times larger space than 11 chars, and 10,000 larger than 10 chars, and 1,000,000 times larger than 9. Another way to write this. Assume 12 chars is "1". If you knew the password to be 12 chars, then the work would be 1. If you didn't know it was 12 chars and had to go through all of the smaller passwords, then it'll be 1 + 1/100 + 1/10000 + 1/1000000 + etc. As you can see, iterating through the smaller password sizes adds virtually no extra time.

      The main benefit you gain is if you know the person uses certain words, you could limit the word combinations, or you could decide to skip breaking the password because it's too hard.

  2. Only valid for stream ciphers. by guruevi · Score: 3, Insightful

    Not sure how he would get the results with block ciphers but the paper only describes stream ciphers. That's the reason we don't use stream ciphers for HTTPS but rather block ciphers. Stream ciphers should simply never be used where keys repeat.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
    1. Re:Only valid for stream ciphers. by devman · Score: 2

      AES-GCM is derived from CTR mode. CTR mode turns a block cipher into a keystream generator (thus a stream cipher). I haven't fully read the paper though, so I don't know whether this attack applies to block ciphers used as stream ciphers.

    2. Re:Only valid for stream ciphers. by guruevi · Score: 2

      But the predictable stream length attack has been known about since the introduction of stream ciphers. That's why you don't use stream ciphers (or shouldn't at least) to secure predictable content like chunks of websites. You use block ciphers that ALWAYS have the same block size regardless of its contents.

      AES-GCM seems to be fast-tracked by US governmental agencies with at least one someone trying to (inadvertently?) sneak in an exploit in the OpenSSL implementation. Don't trust new ciphers too quickly, if it's too good to be true...

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
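
The thread above turns on how much a ciphertext length says about the plaintext length. The following is an added example, not part of any comment or of the paper: it models TLS 1.2 record sizes for AES-GCM and for AES-CBC with HMAC-SHA1, and shows what set of password lengths stays consistent with an observed record, plus the effect of padding the request body to a fixed size. The request template, the passwords and the `pad` form field are constructed assumptions, and passwords are assumed to need no URL encoding.

```python
# Added illustration: TLS 1.2 record payload sizes for a login POST body.
# Framing overheads are the standard TLS 1.2 values; all inputs are constructed.
GCM_NONCE, GCM_TAG = 8, 16                 # explicit nonce + auth tag (AES-GCM)
CBC_IV, CBC_BLOCK, SHA1_MAC = 16, 16, 20   # AES-CBC with HMAC-SHA1

PREFIX = b"user=alice&password="           # known request template (constructed)


def gcm_record_len(plaintext_len):
    # Ciphertext is exactly as long as the plaintext, plus fixed overhead.
    return GCM_NONCE + plaintext_len + GCM_TAG


def cbc_record_len(plaintext_len):
    # content + MAC + at least one padding byte, rounded up to a full block
    inner = plaintext_len + SHA1_MAC + 1
    padded = -(-inner // CBC_BLOCK) * CBC_BLOCK
    return CBC_IV + padded


def body(password):
    return PREFIX + password.encode("ascii")


def padded_body(password, total=128):
    # Mitigation sketch: a hypothetical filler field brings every body to one size.
    base = body(password)
    fill = total - len(base) - len(b"&pad=")
    if fill < 0:
        raise ValueError("password too long for the fixed body size")
    return base + b"&pad=" + b"x" * fill


def candidate_lengths(record_len, record_fn, max_len=64):
    """Password lengths consistent with one observed record length."""
    return [n for n in range(max_len + 1)
            if record_fn(len(PREFIX) + n) == record_len]


if __name__ == "__main__":
    pw = "correcthorse"                    # constructed sample, 12 characters
    for name, fn in (("AES-GCM", gcm_record_len), ("AES-CBC", cbc_record_len)):
        seen = fn(len(body(pw)))
        print(name, "record", seen, "-> candidates", candidate_lengths(seen, fn))
    sizes = {gcm_record_len(len(padded_body(p))) for p in ("abc", pw)}
    print("padded bodies, distinct GCM record sizes:", len(sizes))
```

With GCM the candidate list collapses to a single length; with CBC it is a run of 16 consecutive lengths; with fixed-size bodies every password produces the same record size.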
  3. https bicycle attack by PopeRatzo · Score: 4, Funny

    I think this is taking the Internet of Things too far.

    --
    You are welcome on my lawn.
  4. Re: We need to ban them immediately by Zoxed · Score: 3, Funny

    > Good citizens should stick to unicycles.

    You have nothing to lose but your chains.