Web - BEAST: Surprising crypto attack against HTTPS | artodeto's blog about coding, politics and the world

Web - BEAST: Surprising crypto attack against HTTPS

Posted by artodeto on Tuesday, September 20. 2011

Shouldn't be that nice if it is true. Especially "block-wise chosen-plaintext attack" brings my knees to shiver :-O.

We present a new fast block-wise chosen-plaintext attack against SSL/TLS. We also describe one application of the attack that allows an adversary to efficiently decrypt and obtain authentication tokens and cookies from HTTPS requests. Our exploit abuses a vulnerability present in the SSL/TLS implementation of major Web browsers at the time of writing.

source

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as Linear | Threaded

No comments

Add Comment

Name

Homepage

Comment

In reply to

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.

To leave a comment you must approve it via e-mail, which will be sent to your address after submission.

To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly.
CAPTCHA

Enter the string from the spam-prevention image above:

Markdown format allowed

Form options

Remember Information?