[cryptography] DTLS implementation attack?

Marsh Ray marsh at extendedsubset.com
Tue Dec 6 11:56:45 EST 2011


Anyone have any more info on this?

Even just a CVE or 'fixed in' version would be helpful.

http://www.isoc.org/isoc/conferences/ndss/12/program.shtml#1a
> Plaintext-Recovery Attacks Against Datagram TLS
>
> Kenneth Paterson and Nadhem Alfardan We describe an efficient and
> full plaintext recovery attack against the OpenSSL implementation of
> DTLS, and an efficient, partial plaintext recovery attack against the
> GnuTLS implementation of DTLS. We discuss the reasons why these
> implementations are insecure, drawing lessons for secure protocol
> design and implementation in general.

Thanks,

- Marsh



More information about the cryptography mailing list