LNCS 2729 – Password Interception in a SSL/TLS Channel 1st Edition by Brice Canvel, Alain Hiltgen, Serge Vaudenay, Martin Vuagnoux
Product details:
ISBN 10: 3540451463
ISBN 13: 9783540451464
Author: Brice Canvel, Alain Hiltgen, Serge Vaudenay, Martin Vuagnoux
LNCS 2729 – Password Interception in a SSL/TLS Channel 1st Edition:
Simple password authentication is often used, e.g., from an email software application to a remote IMAP server. This is frequently done in a protected peer-to-peer tunnel, e.g., by SSL/TLS.
At Eurocrypt’02, Vaudenay presented vulnerabilities in padding schemes used for block ciphers in CBC mode. He used a side channel, namely error information in the padding verification. This attack was not possible against SSL/TLS due to both unavailability of the side channel (errors are encrypted) and premature abortion of the session in case of errors. In this paper we extend the attack and optimize it. We show it is actually applicable against latest and most popular implementations of SSL/TLS (at the time this paper was written) for password interception.
We demonstrate that a password for an IMAP account can be intercepted when the attacker is not too far from the server in less than an hour in a typical setting.
We conclude that these versions of the SSL/TLS implementations are not secure when used with block ciphers in CBC mode and propose ways to strengthen them. We also propose to update the standard protocol.
LNCS 2729 – Password Interception in a SSL/TLS Channel 1st Edition Table of contents:
- Introduction
- Timing attack
- Multi-session Attack
- Password Interception with Dictionary Attack
- Implementation of the Attack
- Discussion
- Conclusion
- Acknowledgements