Boffins 'crack' HTTPS encryption in Lucky Thirteen attack
by Paul Ducklin on February 7, 2013
The security of online transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.
TLS, or Transport Layer Security, is the successor to SSL, or Secure Sockets Layer.
It's the system that puts the S into HTTPS (that's the padlock you see on secure websites), and provides the security for many other protocols, too.
Like 2011's infamous BEAST attack, it has a groovy name: Lucky Thirteen.
The name comes from the fact that encrypted TLS packets have thirteen header bytes that are consumed in one of the cryptographic calculations on which TLS relies. (More...)
Read more on this "crack" at: http://nakedsecurity.sophos.com/2013/02/07/boffins-crack-https-encryptionin-lucky-thirteen-attack/