Skip to content

Web - BEAST: Surprising crypto attack against HTTPS

Shouldn't be that nice if it is true. Especially "block-wise chosen-plaintext attack" brings my knees to shiver :-O.

We present a new fast block-wise chosen-plaintext attack against SSL/TLS. We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing.