Jump to content

Malwarebytes

Boffins 'crack' HTTPS encryption in Lucky Thirteen attack

Started by ShyWriter, Feb 06 2013 07:38 PM

  • This topic is locked This topic is locked
No replies to this topic

#1
ShyWriter
Posted 06 February 2013 - 07:38 PM

    Forum Deity

  • Software Updaters
  • PipPipPipPipPipPip
  • 6,296 posts
  • Gender:Male
.
Boffins 'crack' HTTPS encryption in Lucky Thirteen attack

by Paul Ducklin on February 7, 2013


Posted Image


The security of online transactions is again in the spotlight as a pair of UK cryptographers take aim at TLS.

TLS, or Transport Layer Security, is the successor to SSL, or Secure Sockets Layer.

It's the system that puts the S into HTTPS (that's the padlock you see on secure websites), and provides the security for many other protocols, too.

Like 2011's infamous BEAST attack, it has a groovy name: Lucky Thirteen.

Posted Image


The name comes from the fact that encrypted TLS packets have thirteen header bytes that are consumed in one of the cryptographic calculations on which TLS relies. (More...)

Read more on this "crack" at: http://nakedsecurity.sophos.com/2013/02/07/boffins-crack-https-encryptionin-lucky-thirteen-attack/

Steve

.

Posted Image

Back to Security Alerts · Next Unread Topic →


1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Malwarebytes Forum
  2. Software Updates and Alerts
  3. Security Alerts

Products

About

Partners

Follow Us