AceInfinity
Emeritus, Contributor
A new exploit 'Lucky 13', brings back to life the atrocious padding oracle attack, which exploits a flaw in the highly used SSL/TLS protocol, taking advantage of an authentication check response timing signal difference, for symmetric encryption in CBC mode: ?Lucky Thirteen? attack snarfs cookies protected by SSL encryption | Ars Technica
This is a huge flaw!
The main risk here is existent because the padding in CBC mode is not secured by the message authentication code, and along with this the timing's of the requests responses are taken advantage of to see if the padding check failed, along with the TLS' decryption of the data. MAC gets applied to the sender's data as plaintext, then the padding gets piled on top.
The mistake with the timings, is that the designers of TLS, assumed, that nobody could take advantage of this small enough difference in the timing signals to learn anything about the response, and unfortunately they were wrong based on this new exploit...
Here's a good link I found on this topic: Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
This just goes to show how bad it is to start assuming things in the world of security. You should never do that. It's one of the basic rules of thumb you would (or should) learn if you're just starting to learn about security in my opinion.
This is quite cool though, if you can only imagine how small those differences in the timing requests would be, the fact that we can calculate that small of a difference with today's hardware and technology is "not bad". :)
This is a huge flaw!
The main risk here is existent because the padding in CBC mode is not secured by the message authentication code, and along with this the timing's of the requests responses are taken advantage of to see if the padding check failed, along with the TLS' decryption of the data. MAC gets applied to the sender's data as plaintext, then the padding gets piled on top.
The mistake with the timings, is that the designers of TLS, assumed, that nobody could take advantage of this small enough difference in the timing signals to learn anything about the response, and unfortunately they were wrong based on this new exploit...
Here's a good link I found on this topic: Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
This just goes to show how bad it is to start assuming things in the world of security. You should never do that. It's one of the basic rules of thumb you would (or should) learn if you're just starting to learn about security in my opinion.
This is quite cool though, if you can only imagine how small those differences in the timing requests would be, the fact that we can calculate that small of a difference with today's hardware and technology is "not bad". :)