[cryptography] Duong-Rizzo TLS attack (was 'Re: SSL is not "broken by design"')
Kevin W. Wall
kevin.w.wall at gmail.com
Mon Sep 19 14:57:21 EDT 2011
On Mon, Sep 19, 2011 at 12:42 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> IMHO, as far as crypto protocols go the TLS protocol itself is pretty solid
> as long as the endpoints restrict themselves to negotiating the right
> On that note, there's a little more info coming out on the Duong-Rizzo
So does anyone know any more details on this? Specifically, is it an
implementation flaw or a design flaw?
Duong & Rizzo's previous work relied on padding oracle attacks whereas
this one is categorized as a chosen-plaintext attack, so it looks like it's
not building on their previous work.
Lastly, would anyone care to speculate whether (for instance) using RC4
instead of AES/CBC protects you from this chosen-plaintext attack? The
article cited by the URL that Marsh mentioned only mentions AES
so perhaps other cipher choices are immune. Just not a lot of details
available yet. Guess will have to wait until Friday.
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents." -- Nathaniel Borenstein