[openssl-users] openSSL and SLOTH attack

Jeffrey Walton noloader at gmail.com
Sat Jan 9 00:38:10 UTC 2016

On Fri, Jan 8, 2016 at 2:00 PM, Michael Sierchio <kudzu at tenebras.com> wrote:
> 2^48. Which is larger than 248, which was a cut-and-paste error. ;-)

Right.... The bad guy should *not* be able to compute a MAC to perform
the forgery within TCP's 2MSL bound and TLS timers. However, there's a
keep alive the authors used in the past to basically make their attack
windows unbounded in time. From the earlier paper on Logjam

    TLS warning alerts. Web browsers tend to have shorter timeouts,
    but we can keep their connections alive by sending TLS warning
    alerts, which are ignored by the browser but reset the handshake

As far as I know, there's no interest in fixing it in the TLS working group.


More information about the openssl-users mailing list