
Downgrade attack on TLS 1.3 and vulnerabilities in major TLS libraries:

nccgroup.trust/us/about-us/new

– the attack leverages a side-channel leak via cache access timings (in OpenSSL, Amazon s2n, MbedTLS, Apple CoreTLS, Mozilla NSS, WolfSSL, and GnuTLS)
– it affects all TLS versions, including TLS 1.3
– one requirement for the attack is RSA key exchange
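An added check that is not part of either post: since the last bullet makes RSA key exchange a requirement, the practical question for a server operator is whether the configured cipher list still admits any suite with plain RSA key exchange (OpenSSL's "kRSA" class) in any TLS version the server offers. The script below uses Python's ssl module (backed by OpenSSL) to expand a cipher string and list the suites whose key exchange is RSA encryption; the two cipher strings are constructed for this example, and the "kx-rsa" label is OpenSSL's long name for that key-exchange class as exposed by SSLContext.get_ciphers(). Suites that merely authenticate with an RSA signature over an ECDHE or DHE exchange are not in this class and are not reported.

```python
import ssl

# Two cipher strings constructed for this example: a permissive one that
# still admits plain RSA key exchange, and a hardened one that removes it
# with the OpenSSL "!kRSA" keyword.
WEAK_CIPHERS = "ECDHE+AESGCM:AES128-GCM-SHA256:AES256-GCM-SHA384"
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!kRSA:!aNULL:!eNULL"


def enabled_suites(cipher_string):
    """Expand an OpenSSL cipher string into the suites a server context
    would actually enable, as the dicts SSLContext.get_ciphers() returns
    (keys include 'name', 'kea' for key exchange and 'auth')."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if nothing matches
    return ctx.get_ciphers()


def rsa_kex_suites(cipher_string):
    """Names of enabled suites whose key exchange is RSA encryption.
    OpenSSL labels that class 'kx-rsa' (assumption: this naming is what
    the linked ssl module exposes). TLS 1.3 suites report 'kx-any' and
    (EC)DHE suites report 'kx-ecdhe' / 'kx-dhe', so neither is listed."""
    return [s["name"] for s in enabled_suites(cipher_string)
            if s["kea"] == "kx-rsa"]


def is_hardened(cipher_string):
    """True when no enabled suite uses RSA key exchange."""
    return not rsa_kex_suites(cipher_string)


if __name__ == "__main__":
    for label, cs in (("weak", WEAK_CIPHERS), ("hardened", HARDENED_CIPHERS)):
        print(label, "-> RSA key exchange suites:", rsa_kex_suites(cs) or "none")
```

The same `!kRSA` keyword works in any OpenSSL-style cipher directive (nginx `ssl_ciphers`, Apache `SSLCipherSuite`), and the check has to cover the whole list rather than only the TLS 1.3 suites: TLS 1.3 itself has no RSA key exchange, so the post's "downgrade" reading only makes sense while the same server key still serves RSA key exchange in an older version.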

@infosechandbook Ugh. I did not know about the USENIX 2018 IPSEC/IKE paper referenced as previous work: usenix.org/system/files/confer

This looks pretty bad for IKE:
"IKEv1 PSK in aggressive mode can be broken by a passive adversary, and both IKEv1 PSK in main mode and IKEv2 PSK can be broken by an active adversary who acts as a responder."
"[..] we could successfully attack all public key-based variants of IKEv1 and IKEv2 with success probabilities between 7% and 26% in a single attempt."

mastodon.at is a microblogging site that federates with most instances on the Fediverse.