ImperialViolet – Chrome and the BEAST

Thai Duong and Juliano Rizzo today demoed an attack against TLS 1.0s use of cipher block chaining CBC in a browser environment. The authors contacted browser vendors several months ago about this and so, in order not to preempt their demo, I havent discussed any details until now.

Contrary to several press reports, Duong and Rizzo have not found, nor do they claim, any new flaws in TLS. They have shown a concrete proof of concept for a flaw in CBC that, sadly, has a long history. Early reports of the problem date back nearly ten years ago and Bard published two papers detailing the problem.

via ImperialViolet – Chrome and the BEAST.






Leave a Reply

Your email address will not be published. Required fields are marked *