DROWN: Breaking TLS Using SSLv2

Maik Dankel
Maik Dankel
Jens Steube
Jens Steube
Luke Valenta
Luke Valenta
Viktor Dukhovni
Viktor Dukhovni
Shaanan Cohney
Shaanan Cohney

USENIX Security Symposium, pp. 689-706, 2016.

Cited by: 152|Bibtex|Views69
EI
Other Links: dblp.uni-trier.de|academic.microsoft.com

Abstract:

We present DROWN, a novel cross-protocol attack on TLS that uses a server supporting SSLv2 as an oracle to decrypt modern TLS connections. We introduce two versions of the attack. The more general form exploits multiple unnoticed protocol flaws in SSLv2 to develop a new and stronger variant of the Bleichenbacher RSA padding-oracle attack....More

Code:

Data:

Your rating :
0

 

Tags
Comments