httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <>
Subject Re: breach attack
Date Sat, 10 Aug 2013 16:19:15 GMT

On 10 Aug 2013, at 18:14, "Steinar H. Gunderson" <> wrote:

> On Sat, Aug 10, 2013 at 06:11:09PM +0200, Dirk-Willem van Gulik wrote:
>> I'd keep in mind that compression is simply an amplifier for this type of
>> attack. It makes the approach more effective. But it is not essential; when
>> you have in essence a largely known plaintext surrounding a short secret
>> and an oracle. And the latter is not going to go away - current dominant
>> site development models will make this worse; as do current operational
>> models w.r.t. to picking such up early.
> Wait, what's the oracle if there's no compression?

As as ultimately before - the origin server (and/or the traffic you compare it to). Granted
- doing this raw is not that feasible for large key lengths - but even some slight weakness
elsewhere (could be as silly as a render/timing change in the browser) will help.

View raw message