
from the theoretical-but-not-practical dept.
New Raccoon Attack Can Allow Decryption of TLS Connections:
Researchers from universities in Germany and Israel have disclosed the details of a new timing attack that could allow malicious actors to decrypt TLS-protected communications.
Named "Raccoon," the attack has been described as complex and the vulnerability is "very hard to exploit." While most users should probably not be concerned about Raccoon, several major software vendors have released patches and mitigations to protect customers.
Raccoon can allow a man-in-the-middle (MitM) attacker to crack encrypted communications that could contain sensitive information. However, the attack is only successful if the targeted server reuses public Diffie-Hellman (DH) keys in the TLS handshake (i.e. the server uses static or ephemeral cipher suites such as TLS-DH or TLS-DHE), and if the attacker can conduct precise timing measurements.
[...] "For a real attacker, this is a lot to ask for. However, in comparison to what an attacker would need to do to break modern cryptographic primitives like AES, the attack does not look complex anymore. But still, a real-world attacker will probably use other attack vectors that are simpler and more reliable than this attack," they explained.
The underlying vulnerability has existed for over 20 years, and it was fixed with the release of TLS 1.3.
[...] Additional details on the Raccoon attack are available on raccoon-attack.com. The researchers also plan on releasing a tool that can be used to check if a server is vulnerable. In the meantime, they recommend Qualys' SSL Server Test — a server could be affected if the result of "DH public server param (Ys) reuse" is "yes."
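Added example, not from the article or the researchers' tool: a small Python parser for the ServerDHParams carried in a TLS 1.2 ServerKeyExchange message that flags the same server public value dh_Ys showing up in more than one handshake, which is the precondition the summary describes. The sample messages and the 127-bit prime are constructed for illustration only; real servers use 1024-bit or larger groups.

```python
# Parse ServerDHParams from TLS 1.2 ServerKeyExchange handshake messages
# (RFC 5246, section 7.4.3) and report reuse of dh_Ys across handshakes.
import struct
from typing import Dict, List, Tuple

HANDSHAKE_SERVER_KEY_EXCHANGE = 12


def parse_server_dh_params(body: bytes) -> Tuple[int, int, int]:
    """Return (p, g, Ys). Each field is a 2-byte length-prefixed vector;
    anything after the third vector (the DHE signature) is ignored."""
    values, off = [], 0
    for _ in range(3):
        if off + 2 > len(body):
            raise ValueError("truncated ServerDHParams")
        (n,) = struct.unpack("!H", body[off:off + 2])
        off += 2
        if n == 0 or off + n > len(body):
            raise ValueError("bad vector length in ServerDHParams")
        values.append(int.from_bytes(body[off:off + n], "big"))
        off += n
    return values[0], values[1], values[2]


def parse_server_key_exchange(msg: bytes) -> Tuple[int, int, int]:
    """msg is one Handshake message: type (1 byte), length (3 bytes), body."""
    if len(msg) < 4 or msg[0] != HANDSHAKE_SERVER_KEY_EXCHANGE:
        raise ValueError("not a ServerKeyExchange message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ServerKeyExchange")
    return parse_server_dh_params(body)


def build_server_key_exchange(p: int, g: int, ys: int) -> bytes:
    """Build a constructed, unsigned ServerKeyExchange for test input."""
    def vec(x: int) -> bytes:
        raw = x.to_bytes((x.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    body = vec(p) + vec(g) + vec(ys)
    return bytes([HANDSHAKE_SERVER_KEY_EXCHANGE]) + len(body).to_bytes(3, "big") + body


def find_ys_reuse(messages: List[bytes]) -> Dict[int, List[int]]:
    """Map each reused Ys (same group p, g) to the handshake indices using it.
    A fresh Ys per handshake yields an empty dict."""
    seen: Dict[Tuple[int, int, int], List[int]] = {}
    for i, m in enumerate(messages):
        p, g, ys = parse_server_key_exchange(m)
        seen.setdefault((p, g, ys), []).append(i)
    return {ys: idx for (_, _, ys), idx in seen.items() if len(idx) > 1}
```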
(Score: 3, Informative) by driverless on Saturday September 12 2020, @03:13AM (1 child)
You actually have to put in a considerable effort to get it wrong in order to be vulnerable to this attack. It relies on an implementation caching and re-using the only-use-once secret value; you actually need to work harder to get it wrong than you do to get it right.
Needless to say, F5 devices are the main ones that are vulnerable. There's actually a standards-track RFC [ietf.org] that exists solely to work around F5 bugs.
(Score: 1, Interesting) by Anonymous Coward on Monday September 14 2020, @04:34AM
Trumpeting this out in public is Google's attempt to push everyone onto TLS 1.3, which has already had at least one major flaw discovered in it. If you knew that TLS 1.2 was pretty good and you needed a whole new generation of flaws, well, TLS 1.3 might allow that. Not unlike the tls-heartbeat implementation that was connected to a developer who had pushed other questionable security implementations into OpenSSL over the years....