Tor and the BEAST SSL attack

Posted by tuxchick on Sep 28, 2011 2:12 AM EDT
Tor Project
Mail this story
Print this story

Today, Juliano Rizzo and Thai Duong presented a new attack on TLS <= 1.0 at the Ekoparty security conference in Buenos Aires. Let's talk about how it works, and how it relates to the Tor protocol.

Short version: Don't panic. The Tor software itself is just fine, and the free-software browser vendors look like they're responding well and quickly. I'll be talking about why Tor is fine; I'll bet that the TBB folks will have more to say about browsers sometime soon.

There is some discussion of the attack and responses to it out there already, written by seriously smart cryptographers and high-test browser security people. But I haven't seen anything out there yet that tries to explain what's going on for people who don't know TLS internals and CBC basics.

  Nav
» Read more about: Story Type: News Story, Security; Groups: Community

« Return to the newswire homepage

This topic does not have any threads posted yet!

You cannot post until you login.