<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview[1]
[{$pagename}] is an [attack] on [cryptographic] timing [exploit] against implementations of the [Transport Layer Security] ([TLS]) protocol that use the [CBC] mode of operation, first reported in February [2013|Year 2013]

[{$pagename}] [attacks] arise from a [vulnerability] in the [TLS] specification rather than as a [vulnerability] in specific implementations.[2]

[{$pagename}] apply to all [TLS] and [DTLS] implementations that are compliant with [TLS 1.1] or [TLS 1.2], or with [DTLS] 1.0 or 1.2. They also apply to implementations of [SSLv3] and [TLS 1.0] that incorporate countermeasures to previous [Padding bit] oracle [attacks].

!! What are the countermeasures? 
There are several possible countermeasures against [{$pagename}] [attacks], some of which are more effective than others:
* Switch to using [RC4] [Cipher Suites]. This should only be seen as a temporary measure, since [RC4] has significant [cryptographic weaknesses|Cryptographically Weak] when it is used in [TLS]. This option is not available for [DTLS].
* Switch to using [AEAD] [Cipher Suites], such as AES-GCM. Support for [AEAD] [Cipher Suites] was specified in [TLS 1.2]
* for the long term is to avoid using [TLS] in [CBC]-mode and to switch to using [AEAD] algorithms.

!! Why are the attacks called &quot;[{$pagename}]&quot;?[2]
In Western culture, 13 is considered an unlucky number. However, the fact that the [TLS] [MAC] calculation includes 13 bytes of [header] information (5 bytes of [TLS] header plus 8 bytes of TLS sequence number) is, in part, what makes the [attacks] possible. So, in the context of our attacks, 13 is lucky - from the attacker's perspective at least. This is what passes for humour amongst cryptographers.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Lucky_Thirteen_attack|Wikipedia:Lucky_Thirteen_attack|target='_blank'] - based on information obtained 2017-06-09- 
* [#2] - [Lucky Thirteen: Breaking the TLS and DTLS Record Protocols|http://www.isg.rhul.ac.uk/tls/Lucky13.html|target='_blank'] - based on information obtained 2015-12-07
</pre>