CBC Attack on TLS 1.0

A nice summary by Adam Langley:

Thai Duong and Juliano Rizzo today demoed an attack against TLS 1.0’s use of cipher block chaining (CBC) in a browser environment. The authors contacted browser vendors several months ago about this and so, in order not to preempt their demo, I haven’t discussed any details until now.

Contrary to several press reports, Duong and Rizzo have not found, nor do they claim, any new flaws in TLS. They have shown a concrete proof of concept for a flaw in CBC that, sadly, has a long history. Early reports of the problem date back nearly ten years, and Bard published two papers detailing the problem.

The problem has been fixed in TLS 1.1 and a workaround for SSL 3.0 and TLS 1.0 is known, so why is this still an issue?

The bottom line is that the researchers have demonstrated elements of a theoretical flaw in TLS 1.0's CBC cipher suites (stream ciphers such as RC4 are not affected), but their method is still harder to carry out than other, more common attacks.
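To make concrete the difference between TLS 1.0's chained IV that Langley refers to and the explicit per-record IV that TLS 1.1 introduced, here is an added example (not code from Langley's post or from any TLS implementation) that simulates both sender states in Python. It assumes a toy HMAC-based Feistel block cipher in place of AES and block-aligned records with TLS padding omitted.

```python
import hmac, hashlib, os
BLOCK = 16

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def block_encrypt(key: bytes, blk: bytes) -> bytes:
    # Toy 16-byte block cipher (4-round Feistel over HMAC), a stand-in for AES; only CBC chaining matters.
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, hmac.new(key + bytes([i]), r, hashlib.sha256).digest()[:8])
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # Block-aligned input only; TLS padding is left out to keep the chaining visible.
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

class Tls10Sender:
    """SSL 3.0 / TLS 1.0 CBC state: the last ciphertext block of record n is record n+1's IV."""
    def __init__(self, key: bytes, iv: bytes):
        self.key, self.iv = key, iv
    def send(self, pt: bytes) -> bytes:
        ct = cbc_encrypt(self.key, self.iv, pt)
        self.iv = ct[-BLOCK:]  # on the wire before the next record's plaintext is even chosen
        return ct

class Tls11Sender:
    """TLS 1.1 fix: a fresh random IV per record, sent explicitly in front of the ciphertext."""
    def __init__(self, key: bytes):
        self.key = key
    def send(self, pt: bytes) -> bytes:
        iv = os.urandom(BLOCK)
        return iv + cbc_encrypt(self.key, iv, pt)

def tls10_next_iv_predictable(key: bytes, iv: bytes, rec1: bytes, rec2: bytes) -> bool:
    # A passive observer of record 1 predicts record 2's IV as ct1's last block; the guess is
    # confirmed by re-encrypting rec2 under it (the key is used here only for that check).
    s = Tls10Sender(key, iv)
    ct1, ct2 = s.send(rec1), s.send(rec2)
    return cbc_encrypt(key, ct1[-BLOCK:], rec2) == ct2

def tls11_next_iv_chained(key: bytes, rec1: bytes, rec2: bytes) -> bool:
    # With explicit IVs nothing carries over, so the same guess fails (barring a 2**-128 fluke).
    s = Tls11Sender(key)
    ct1, ct2 = s.send(rec1), s.send(rec2)
    return ct2[:BLOCK] == ct1[-BLOCK:]
```

Under the chained scheme the prediction succeeds every time; with explicit IVs it does not, which is exactly why the TLS 1.1 change closes this class of problem.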
