Lucky Thirteen attack

A Lucky Thirteen attack is a cryptographic timing attack against implementations of the Transport Layer Security (TLS) protocol that use the CBC mode of operation, first reported in February 2013 by its developers Nadhem J. AlFardan and Kenny Paterson of the Information Security Group at Royal Holloway, University of London.

Attack

It is a new variant of Serge Vaudenay's padding oracle attack that was previously thought to have been fixed, that uses a timing side-channel attack against the message authentication code (MAC) check stage in the TLS algorithm to break the algorithm in a way that was not fixed by previous attempts to mitigate Vaudenay's attack.

"In this sense, the attacks do not pose a significant danger to ordinary users of TLS in their current form. However, it is a truism that attacks only get better with time, and we cannot anticipate what improvements to our attacks, or entirely new attacks, may yet be discovered." — Nadhem J. AlFardan and Kenny Paterson

The researchers only examined Free Software implementations of TLS and found all examined products to be potentially vulnerable to the attack. They have tested their attacks successfully against OpenSSL and GnuTLS. Because the researchers applied responsible disclosure and worked with the software vendors, some software updates to mitigate the attacks were available at the time of publication.

Martin R. Albrecht and Paterson have since demonstrated a variant Lucky Thirteen attack against Amazon's s2n TLS implementation, even though s2n includes countermeasures intended to prevent timing attacks.

References

1. Dan Goodin (4 February 2013). "'Lucky Thirteen' attack snarfs cookies protected by SSL encryption". Ars Technica. Retrieved 4 February 2013.
2. Nadhem J. AlFardan; Kenneth G. Paterson (4 February 2013). "Lucky Thirteen: Breaking the TLS and DTLS Record Protocols". Royal Holloway, University of London. Archived from the original on 2 July 2013. Retrieved 21 June 2013. Includes list of which software versions are vulnerable.
3. Adam Langley (4 February 2013). "Lucky Thirteen attack on TLS CBC". Retrieved 4 February 2013.
4. Albrecht, Martin R.; Paterson, Kenneth G. "Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS". Cryptology ePrint Archive. Retrieved 24 November 2015.

External links

Time is money (in CBC ciphersuites), Nikos Mavrogiannopoulos, 5 February 2013
Text is available under the Creative Commons Attribution-ShareAlike License. Additional terms may apply.