Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: Triple Handshake Cookie Cutter - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Triple Handshake Cookie Cutter

Researches have released a paper describing several vulnerabilities in TLS (Transport Layer Security). Some of the attacks have been known for a while, but the paper combines and explains them nicely, and also adds a couple of really clever new ideas. The tricks rely on cutting sessions off and re-starting them in a way that client and server end up with a different (security) state. The full research is available here https://secure-resumption.com/. The good news is that (a) the main impact is apparently limited to connections that use client-side certificates, which is rare, and (b) the researchers have informed the browser vendors early on, and some browsers and TLS libraries are already patched.

Daniel

367 Posts
ISC Handler
Rare is not unimportant. Client side certificates are important for the more sensitive applications, such as firmware reflashing of modern avionics gear!
Moriah

133 Posts
Some encryption and authentication certificates are picked up using sessions with client side certificates.
G.Scott H.

48 Posts

Sign Up for Free or Log In to start participating in the conversation!