|
LXer: Tor and the BEAST SSL attack
Published at LXer:
Today, Juliano Rizzo and Thai Duong presented a new attack on TLS [he]lt[/he]= 1.0 at the Ekoparty security conference in Buenos Aires. Let's talk about how it works, and how it relates to the Tor protocol.Short version: Don't panic. The Tor software itself is just fine, and the free-software browser vendors look like they're responding well and quickly. I'll be talking about why Tor is fine; I'll bet that the TBB folks will have more to say about browsers sometime soon.There is some discussion of the attack and responses to it out there already, written by seriously smart cryptographers and high-test browser security people. But I haven't seen anything out there yet that tries to explain what's going on for people who don't know TLS internals and CBC basics. Read More... |
| All times are GMT -5. The time now is 07:06 PM. |