HTTPS attack uncovered: can guess your secrets

[jes]

New HTTPS attack can guess your secrets: report

A new exploit called BREACH can decode data encrypted with TLS and SSL in as little as 30 seconds, Ars Technica reports

 

[koeksGHT]

Whoops

 

[ToxicBunny]

Is a very interesting method..

But it doesn't reveal the SSL traffic (for those who don't feel like reading the article), it deduces things from changes in size of packets returned etc etc...

 

[Pada]

This was one of the better briefings/demos that I saw at Black Hat.

Technically it cannot decrypt your SSL/TLS/HTTPS data. Its a XSS (Cross Site Scripting) exploit where they can brute force secrets/tokens stored in the HTML source.

It was pretty impressive that they brute force a session token for Microsoft Outlook Web Access within 40 seconds and less than 1200 web requests!
The other cool thing about this attack is that they don't have to do a complicated MITM (man in the middle) attack to obtain those secrets.

This hack, in combination with other browser history discovery hacks that they demonstrated at Black Hat, would be pretty potent!

What they didn't say clearly in this news post, is that this attack requires the browser and webserver using compression. So if you disable compression on your browser, you will mitigate this attack. The same goes for disabling compression on the web server (both for content and TLS).

 

[Gnome]

Hmm, interesting.

It is probably possible to negate this by adding an element of randomness to your content before compressing. Use a secure number generator, add some kind of arbitrary data, then compress.

 

[Pada]

Hmm, interesting.

It is probably possible to negate this by adding an element of randomness to your content before compressing. Use a secure number generator, add some kind of arbitrary data, then compress.

Sure you can, but that would only prolong the process. Doing this is like #6 on their mitigation list.

Read more on http://breachattack.com/

The mitigations are ordered by effectiveness (not by their practicality - as this may differ from one application to another).

1. Disabling HTTP compression
2. Separating secrets from user input
3. Randomizing secrets per request
4. Masking secrets (effectively randomizing by XORing with a random secret per request)
5. Protecting vulnerable pages with CSRF
6. Length hiding (by adding random amount of bytes to the responses)
7. Rate-limiting the requests