Lucky Thirteen TLS Attack

Discussion in 'other security issues & news' started by EncryptedBytes, Feb 4, 2013.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Another method of performing Vaudenay's attack on CBC as used in TLS:

    http://www.isg.rhul.ac.uk/tls/

     
  2. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,097
  3. BoerenkoolMetWorst

    BoerenkoolMetWorst Registered Member

    Joined:
    Dec 22, 2009
    Posts:
    3,767
    Location:
    Outer space
    Re: “Lucky Thirteen” attack snarfs cookies protected by SSL encryption

    The major browser should really start to implement TLS 1.1 and 1.2 and enable them by default. SSL 3.0 is already from 1996, that's 17 years old, which is a century in computing, and TLS 1.0 is only 3 years younger.
     
  4. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
    Researchers Find Hole in TLS, Can Now Snoop on Your Secure Traffic

    Researchers Find Hole in TLS, Can Now Snoop on Your Secure Traffic:
    http://www.hotforsecurity.com/blog/...an-now-snoop-on-your-secure-traffic-5242.html
     
  5. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
  6. TheKid7

    TheKid7 Registered Member

    Joined:
    Jul 22, 2006
    Posts:
    3,469
Loading...
Thread Status:
Not open for further replies.