Lucky 13 apply to all TLS and DTLS implementations that are compliant with TLS 1.1 or TLS 1.2, or with DTLS 1.0 or 1.2. They also apply to implementations of SSLv3 and TLS 1.0 that incorporate countermeasures to previous Padding bit oracle attacks.
What are the countermeasures? #There are several possible countermeasures against Lucky 13 attacks, some of which are more effective than others:
- Switch to using RC4 Cipher Suites. This should only be seen as a temporary measure, since RC4 has significant cryptographic weaknesses when it is used in TLS. This option is not available for DTLS.
- Switch to using AEAD Cipher Suites, such as AES-GCM. Support for AEAD Cipher Suites was specified in TLS 1.2
- for the long term is to avoid using TLS in CBC-mode and to switch to using AEAD algorithms.
More Information#There might be more information for this subject on one of the following:
- [#1] - Lucky_Thirteen_attack - based on information obtained 2017-06-09-
- [#2] - Lucky Thirteen: Breaking the TLS and DTLS Record Protocols - based on information obtained 2015-12-07