[openssl-users] openSSL and SLOTH attack
Jeffrey Walton
noloader at gmail.com
Sat Jan 9 00:38:10 UTC 2016
On Fri, Jan 8, 2016 at 2:00 PM, Michael Sierchio <kudzu at tenebras.com> wrote:
> 2^48. Which is larger than 248, which was a cut-and-paste error. ;-)
Right.... The bad guy should *not* be able to compute a MAC to perform
the forgery within TCP's 2MSL bound and TLS timers. However, there's a
keep alive the authors used in the past to basically make their attack
windows unbounded in time. From the earlier paper on Logjam
(http://weakdh.org/imperfect-forward-secrecy-ccs15.pdf):
TLS warning alerts. Web browsers tend to have shorter timeouts,
but we can keep their connections alive by sending TLS warning
alerts, which are ignored by the browser but reset the handshake
timer.
As far as I know, there's no interest in fixing it in the TLS working group.
Jeff
More information about the openssl-users
mailing list