Showing posts with label chosen ciphertext attack. Show all posts

Wednesday, 2 March 2016

DROWN - Another Blast From The Past

The last 24 hours have seen a lot of concern raised about the latest widespread vulnerability to be disclosed: DROWN.  The extent of the vulnerability is quite staggering, with up to 33% of all HTTPS sites potentially vulnerable.  Let that just sink in for a moment: 33%.

The attack relies upon well-known weaknesses in SSL version 2 (SSL was renamed Transport Layer Security (TLS) in later versions).  Attacks of this type against SSL were published many years ago (in the late nineties) by Daniel Bleichenbacher (he actually used SSL v3 to exemplify his attacks) and, although these attacks against a particular form of RSA bear his name, they are a form of chosen ciphertext attack.



So far, so technical. Now to discuss the elephant in the room.