Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Transport Layer Security
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===={{Anchor|CRIME attack|BREACH attack|CRIME|BREACH}} CRIME and BREACH attacks====<!--This Anchor tag serves to provide a permanent target for incoming section links. Please do not move it out of the section heading, even though it disrupts edit summary generation (you can manually fix the edit summary before saving your changes). Please do not modify it, even if you modify the section title. It is always best to anchor an old section header that has been changed so that links to it won't be broken. See [[Template:Anchor]] for details. (This text: [[Template:Anchor comment]])--> {{Main|CRIME|BREACH}} The authors of the BEAST attack are also the creators of the later [[CRIME]] attack, which can allow an attacker to recover the content of web cookies when [[data compression]] is used along with TLS.<ref>{{cite web|url=https://arstechnica.com/security/2012/09/crime-hijacks-https-sessions|title=Crack in Internet's foundation of trust allows HTTPS session hijacking|website=Ars Technica|first=Dan|last=Goodin|date=2012-09-13|access-date=2013-07-31|url-status=live|archive-url=https://web.archive.org/web/20130801104610/http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions|archive-date=2013-08-01}}</ref><ref>{{cite web|url=http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312|title=CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions|publisher=ThreatPost|date=September 13, 2012|last=Fisher|first=Dennis|access-date=2012-09-13|url-status=dead|archive-url=https://web.archive.org/web/20120915224635/http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312|archive-date=September 15, 2012}}</ref> When used to recover the content of secret [[authentication cookie]]s, it allows an attacker to perform [[session hijacking]] on an authenticated web session. While the CRIME attack was presented as a general attack that could work effectively against a large number of protocols, including but not limited to TLS, and application-layer protocols such as [[SPDY]] or [[HTTP]], only exploits against TLS and SPDY were demonstrated and largely mitigated in browsers and servers. The CRIME exploit against [[HTTP compression]] has not been mitigated at all, even though the authors of CRIME have warned that this vulnerability might be even more widespread than SPDY and TLS compression combined. In 2013 a new instance of the CRIME attack against HTTP compression, dubbed [[BREACH]], was announced. Based on the CRIME attack a BREACH attack can extract login tokens, email addresses or other sensitive information from TLS encrypted web traffic in as little as 30 seconds (depending on the number of bytes to be extracted), provided the attacker tricks the victim into visiting a malicious web link or is able to inject content into valid pages the user is visiting (ex: a wireless network under the control of the attacker).<ref name=Gooin20130801>{{cite web|last=Goodin|first=Dan|title=Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages|url=https://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages|work=Ars Technica|publisher=Condé Nast|access-date=2 August 2013|date=1 August 2013|url-status=live|archive-url=https://web.archive.org/web/20130803181144/http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages|archive-date=3 August 2013}}</ref> All versions of TLS and SSL are at risk from BREACH regardless of the encryption algorithm or cipher used.<ref>{{cite web|last=Leyden|first=John|title=Step into the BREACH: New attack developed to read encrypted web data|url=https://www.theregister.co.uk/2013/08/02/breach_crypto_attack|work=The Register|access-date=2 August 2013|date=2 August 2013|url-status=live|archive-url=https://web.archive.org/web/20130805233414/http://www.theregister.co.uk/2013/08/02/breach_crypto_attack|archive-date=5 August 2013}}</ref> Unlike previous instances of CRIME, which can be successfully defended against by turning off TLS compression or SPDY header compression, BREACH exploits HTTP compression which cannot realistically be turned off, as virtually all web servers rely upon it to improve data transmission speeds for users.<ref name=Gooin20130801/> This is a known limitation of TLS as it is susceptible to [[chosen-plaintext attack]] against the application-layer data it was meant to protect.
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)