[cryptography] Duong-Rizzo TLS attack (was 'Re: SSL is not "broken by design"')

Kevin W. Wall kevin.w.wall at gmail.com
Mon Sep 19 14:57:21 EDT 2011

On Mon, Sep 19, 2011 at 12:42 PM, Marsh Ray <marsh at extendedsubset.com> wrote:
> IMHO, as far as crypto protocols go the TLS protocol itself is pretty solid
> as long as the endpoints restrict themselves to negotiating the right
> options.
> On that note, there's a little more info coming out on the Duong-Rizzo
> attack:
> http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091611

So does anyone know any more details on this? Specifically, is it an
implementation flaw or a design flaw?

Duong & Rizzo's previous work relied on padding oracle attacks whereas
this one is categorized as a chosen-plaintext attack, so it looks like it's
not building on their previous work.

Lastly, would anyone care to speculate whether (for instance) using RC4
instead of AES/CBC would protect you from this chosen-plaintext attack? The
article cited by the URL that Marsh mentioned only mentions AES,
so perhaps other cipher choices are immune. Just not a lot of details
available yet. Guess we'll have to wait until Friday.

Blog: http://off-the-wall-security.blogspot.com/
"The most likely way for the world to be destroyed, most experts agree,
is by accident. That's where we come in; we're computer professionals.
We *cause* accidents."        -- Nathaniel Borenstein
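An added example, not part of the post or the thread: the chosen-plaintext block-guessing attack on CBC with chained IVs. TLS 1.0 uses the last ciphertext block of one record as the IV of the next, so an attacker who can inject a plaintext record after seeing the ciphertext on the wire knows the IV before the victim encrypts with it, and can test a guess for any earlier plaintext block with one probe record. This is the record-layer weakness the Duong-Rizzo attack (published as BEAST) builds on, and it is a design property of the protocol rather than an implementation bug: TLS 1.1 closed it with an explicit random IV per record, and a stream cipher with no IV chaining is not subject to this particular trick (which says nothing about RC4's own keystream weaknesses). The block cipher below is a constructed 16-byte Feistel stand-in built from SHA-256, since the attack treats the cipher as a black box; the key, cookie and request text are made up for the demonstration.

```python
import hashlib
import os

BLOCK = 16


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the stand-in cipher (assumption: any PRP would do).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """4-round balanced Feistel on a 16-byte block; a stand-in for AES."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, rnd, r))
    return l + r


class CbcRecordLayer:
    """CBC record encryption. explicit_iv=False models TLS 1.0, where the IV of
    each record is the last ciphertext block of the previous one; True models
    TLS 1.1, where each record gets a fresh random IV sent alongside it."""

    def __init__(self, key: bytes, iv: bytes, explicit_iv: bool = False):
        self.key = key
        self.prev = iv          # next IV; visible on the wire in TLS 1.0
        self.explicit_iv = explicit_iv

    def encrypt_record(self, plaintext: bytes) -> bytes:
        assert len(plaintext) % BLOCK == 0  # padding omitted for clarity
        prev = os.urandom(BLOCK) if self.explicit_iv else self.prev
        out = []
        for i in range(0, len(plaintext), BLOCK):
            c = block_encrypt(self.key, xor(plaintext[i:i + BLOCK], prev))
            out.append(c)
            prev = c
        self.prev = prev
        return b"".join(out)


def confirm_guess(victim: CbcRecordLayer, target_block: bytes,
                  preceding_block: bytes, guess: bytes) -> bool:
    """Attacker step: test whether plaintext block P_i (encrypted as
    target_block, chained from preceding_block) equals guess.
    E(probe ^ next_iv) = E(guess ^ preceding) == target iff guess == P_i."""
    next_iv = victim.prev  # known to the attacker in TLS 1.0 only
    probe = xor(xor(guess, preceding_block), next_iv)
    return victim.encrypt_record(probe)[:BLOCK] == target_block


def run_demo(explicit_iv: bool = False):
    """Recover a cookie block by guessing; returns the confirmed block or None."""
    key = hashlib.sha256(b"constructed demo key").digest()[:16]
    victim = CbcRecordLayer(key, iv=bytes(BLOCK), explicit_iv=explicit_iv)
    # Constructed victim record: two 16-byte blocks, the second is the secret.
    request = b"GET / HTTP/1.1\r\n" + b"Cookie: SID=4711"
    ct = victim.encrypt_record(request)
    c0, c1 = ct[:BLOCK], ct[BLOCK:2 * BLOCK]
    # Attacker knows the format and brute-forces the unknown digits.
    for n in range(4700, 4720):
        guess = b"Cookie: SID=%04d" % n
        if confirm_guess(victim, c1, c0, guess):
            return guess
    return None


if __name__ == "__main__":
    print("TLS 1.0 chained IV :", run_demo(explicit_iv=False))
    print("TLS 1.1 explicit IV:", run_demo(explicit_iv=True))
```

Each probe costs one injected record and confirms or rejects one candidate for a whole block, so the attacker still needs a way to shrink the candidate space; BEAST's contribution was the byte-at-a-time arrangement of the secret across block boundaries, which the example does not model.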
