Raccoon Attack: Researchers Find A Vulnerability in TLS 1.2 and lower

It is time to move to TLS 1.3 only, but far too many servers still offer even TLS 1.0.
If you want to check a few websites, go to ssllabs.com and run the server test.

 
See our website. Some suggestions? Use the comments below.

I decided to hop on 1.3 only. Currently it's 1.2 and 1.3. So, if you can't reach the site next week, you should update your browser. No updates available? Then install Arch - PwOSS ISO.


Dubbed "Raccoon Attack," the server-side attack exploits a timing side-channel in the cryptographic protocol (versions 1.2 and lower) to extract the shared secret key used for secure communications between two parties.

"The root cause for this side channel is that the TLS standard encourages non-constant-time processing of the DH secret," the researchers explained in a paper. "If the server reuses ephemeral keys, this side channel may allow an attacker to recover the premaster secret by solving an instance of the Hidden Number Problem."
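The "non-constant-time processing" the researchers refer to comes from how the two protocol generations encode the Diffie-Hellman result before feeding it to the key derivation. The following is an added illustration (not code from the paper or the post) using a toy 127-bit modulus as a stand-in for a real DH group: TLS 1.2 strips leading zero bytes from the secret (RFC 5246, section 8.1.2), so the PRF input length, and hence the processing time, depends on the secret's value; TLS 1.3 encodes it at the full modulus length (RFC 8446, section 7.4.1), so every secret is the same size.

```python
import random

# Toy-sized Mersenne prime used only as a stand-in DH modulus for this
# illustration (constructed example; a real group is 2048 bits or more).
P = 2**127 - 1


def modulus_len(p: int) -> int:
    """Byte length of the DH modulus, i.e. the natural encoding size of a share."""
    return (p.bit_length() + 7) // 8


def tls12_premaster(z: int, p: int) -> bytes:
    """TLS 1.2 (RFC 5246, 8.1.2): the DH result Z is converted to bytes and
    leading zero bytes are stripped, so its length depends on its value."""
    full = z.to_bytes(modulus_len(p), "big")
    return full.lstrip(b"\x00") or b"\x00"


def tls13_shared_secret(z: int, p: int) -> bytes:
    """TLS 1.3 (RFC 8446, 7.4.1): Z is left-padded with zeros to the size of
    the prime, so every shared secret has the same length."""
    return z.to_bytes(modulus_len(p), "big")


def stripped_bytes(z: int, p: int) -> int:
    """How many bytes shorter the TLS 1.2 PRF input is for this secret.
    Any value above zero is what the timing side-channel can reveal."""
    return modulus_len(p) - len(tls12_premaster(z, p))


def fraction_shortened(p: int, samples: int = 4096, seed: int = 1) -> float:
    """Fraction of random secrets whose TLS 1.2 encoding loses at least one byte
    (deterministic sampling so the figure is reproducible)."""
    rng = random.Random(seed)
    short = sum(1 for _ in range(samples) if stripped_bytes(rng.randrange(1, p), p) > 0)
    return short / samples


if __name__ == "__main__":
    for z in (1, 0xFF, 0x100, 0x00FF_FFFF_FFFF_FFFF_FFFF_FFFF_FFFF_FFFF):
        print(f"z={z:#x}: TLS 1.2 length={len(tls12_premaster(z, P))}, "
              f"TLS 1.3 length={len(tls13_shared_secret(z, P))}")
    print("fraction of secrets with a shorter TLS 1.2 encoding:", fraction_shortened(P))
```

Only a small fraction of secrets are affected, which is why the attack needs a server that reuses its ephemeral DH key across many handshakes: a fresh key per handshake gives the attacker nothing to accumulate. The defensive takeaways are the ones the post already draws: move to TLS 1.3, and on TLS 1.2 prefer ECDHE suites and make sure DH keys are never reused.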


More at thehackernews.com
