This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview[1]
[{$pagename}] is an [attack], a [cryptographic] timing [exploit], against implementations of the [Transport Layer Security] ([TLS]) protocol that use the [CBC] mode of operation, first reported in February [2013|Year 2013].
[{$pagename}] [attacks] arise from a [vulnerability] in the [TLS] specification rather than from a [vulnerability] in specific implementations.[2]
[{$pagename}] [attacks] apply to all [TLS] and [DTLS] implementations that are compliant with [TLS 1.1] or [TLS 1.2], or with [DTLS] 1.0 or 1.2. They also apply to implementations of [SSLv3] and [TLS 1.0] that incorporate countermeasures to previous [Padding bit] oracle [attacks].
!! What are the countermeasures?
There are several possible countermeasures against [{$pagename}] [attacks], some of which are more effective than others:
* Switch to using [RC4] [Cipher Suites]. This should only be seen as a temporary measure, since [RC4] has significant [cryptographic weaknesses|Cryptographically Weak] when it is used in [TLS]. This option is not available for [DTLS].
* Switch to using [AEAD] [Cipher Suites], such as AES-GCM. Support for [AEAD] [Cipher Suites] was specified in [TLS 1.2].
* For the long term, avoid using [TLS] in [CBC]-mode and switch to using [AEAD] algorithms.
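One way to check a configuration against the countermeasures above is to sort the enabled suites into CBC, RC4 and AEAD, and to build a context that offers only AEAD suites. This is an added example, not part of the original page; the sample suite list is constructed, and the name-based classification assumes standard OpenSSL or IANA suite names.

```python
import ssl

# Constructed sample: OpenSSL- and IANA-style suite names from a config review.
SAMPLE_SUITES = [
    "ECDHE-RSA-AES128-GCM-SHA256", "ECDHE-RSA-AES256-SHA384", "AES128-SHA",
    "RC4-SHA", "ECDHE-ECDSA-CHACHA20-POLY1305", "DES-CBC3-SHA",
    "TLS_AES_128_GCM_SHA256", "TLS_RSA_WITH_AES_128_CBC_SHA",
]

# Name fragments that identify AEAD suites (assumption: standard naming).
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20", "POLY1305")

def classify(name):
    """Return 'aead', 'rc4', 'null' or 'cbc' for a TLS cipher suite name."""
    upper = name.upper()
    if any(marker in upper for marker in AEAD_MARKERS):
        return "aead"
    if "RC4" in upper:
        return "rc4"
    if "NULL" in upper:
        return "null"
    # Remaining TLS <= 1.2 suites pair a block cipher in CBC mode with an
    # HMAC, the construction the Lucky Thirteen timing attack targets.
    return "cbc"

def audit(suites):
    """Group suite names by category, preserving input order."""
    report = {"aead": [], "rc4": [], "null": [], "cbc": []}
    for suite in suites:
        report[classify(suite)].append(suite)
    return report

def aead_only_context():
    """Client context restricted to TLS 1.2+ and AEAD suites only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    return ctx

def enabled_non_aead(ctx):
    """Names of enabled suites that are not AEAD (should be empty)."""
    return [c["name"] for c in ctx.get_ciphers() if classify(c["name"]) != "aead"]

if __name__ == "__main__":
    for category, names in audit(SAMPLE_SUITES).items():
        print(f"{category:5} {names}")
    print("non-AEAD suites still enabled:", enabled_non_aead(aead_only_context()))
```
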
!! Why are the attacks called "[{$pagename}]"?[2]
In Western culture, 13 is considered an unlucky number. However, the fact that the [TLS] [MAC] calculation includes 13 bytes of [header] information (5 bytes of [TLS] header plus 8 bytes of TLS sequence number) is, in part, what makes the [attacks] possible. So, in the context of our attacks, 13 is lucky - from the attacker's perspective at least. This is what passes for humour amongst cryptographers.
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Lucky_Thirteen_attack|Wikipedia:Lucky_Thirteen_attack|target='_blank'] - based on information obtained 2017-06-09
* [#2] - [Lucky Thirteen: Breaking the TLS and DTLS Record Protocols|http://www.isg.rhul.ac.uk/tls/Lucky13.html|target='_blank'] - based on information obtained 2015-12-07