Variation of 19-Year-Old Cryptographic Attack Affects Facebook, PayPal, Others

Discussion in 'News Archive' started by Solarquest, Dec 12, 2017.

  1. Solarquest

    Solarquest Moderator
    Staff Member AV Tester

    Jul 22, 2014
    Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.

    Named ROBOT, which stands for Return Of Bleichenbacher's Oracle Threat, this new attack is a variation of the Bleichenbacher attack on the RSA algorithm discovered almost two decades ago.

    The original Bleichenbacher attack
    Back in 1998, Daniel Bleichenbacher of Bell Laboratories discovered a bug in how TLS servers operate when server owners choose to encrypt server-client key exchanges with the RSA algorithm.

    By default, before a client (browser) and a server start communicating via HTTPS, the client will choose a random session key that it will encrypt with the server's publicly-advertised key. This encrypted session key is sent to the server, which uses its private key to decrypt the message and save a copy of the session key that it will later use to identify each client.

    Because RSA is not a secure algorithm, it also uses a padding system to add an extra layer of random bits on top of the encrypted session key.

    Bleichenbacher discovered that if the session key was encrypted with the RSA algorithm and the padding system was PKCS #1 1.5, an attacker could simply send a random session key to the TLS server and ask if it was valid. The server would respond with a simple "yes" or "no."

    This meant that by the means of a simple brute-force attack, an attacker could guess the session key and decrypt all HTTPS messages exchanged between the TLS (HTTPS) server and the client (browser).

    Bleichenbacher attack protection measures failed
    In2an3_PpG and harlan4096 like this.
  • About Us

    Our community has been around since 2010, and we pride ourselves on offering unbiased, critical discussion among people of all different backgrounds about security and technology . We are working every day to make sure our community is one of the best.
  • Need Malware Removal Help?

    If you're being redirected from a site you’re trying to visit, seeing constant pop-up ads, unwanted toolbars or strange search results, your computer may be infected with malware. We offer free malware removal assistance to our members in the Malware Removal Assistance forum.
  • Quick Tip

    Without meaning to, you may click a link that installs malware on your computer. To keep your computer safe, only click links and downloads from sites that you trust. Don’t open any unknown file types, or download programs from pop-ups that appear in your browser.