IWETHEY v. 0.3.0 | TODO
1,095 registered users | 0 active users | 2 LpH | Statistics
Login | Create New User
IWETHEY Banner

Welcome to IWETHEY!

IWETHEY Home / IWETHEY Board / Security Forum / What's wrong with cipher block chaining?
Post #396,709
by static
Picture of static
11/30/14 5:51:37 PM
Reply
New What's wrong with cipher block chaining?
Post #396,714
by scoenye
11/30/14 6:50:00 PM
Reply
New As used in SSLv3/TLS1.0
In that specific case, it is vulnerable to the BEAST attack. The attacker still needs to be able to insert self as man-in-the-middle, so it is not entirely trivial to pull off.

The general vulnerability lies in the use of an initialization vector for the first block only. As subsequent blocks reuse the output of the previous step, those quantities are known. TLS1.1 and beyond use separate initialization vectors for each block. Technically, the mode is still called cipher block chaining, but there is not a lot of chaining going on anymore.
Post #396,717
by static
Picture of static
11/30/14 7:10:38 PM
Reply
New Ah. Understood.
     geriactic brain needs some input regards encryption - (boxley) - (20) - Nov. 28, 2014, 10:51:03 PM EST
         First step in writing your own encryption algorithm ... - (drook) - (2) - Nov. 28, 2014, 11:21:37 PM EST
             And this... :-) -NT - (scoenye) - Nov. 29, 2014, 12:11:25 AM EST
             In other words: - (static) - Nov. 29, 2014, 06:37:04 AM EST
         It is different - (scoenye) - (9) - Nov. 29, 2014, 12:10:56 AM EST
             Ah, a usefull reply - (boxley) - (8) - Nov. 29, 2014, 09:21:58 AM EST
                 Hey, mine was useful! - (drook) - (1) - Nov. 29, 2014, 12:36:01 PM EST
                     Me too. :-) -NT - (Another Scott) - Nov. 29, 2014, 01:03:33 PM EST
                 Something like this? - (scoenye) - (2) - Nov. 30, 2014, 10:54:57 AM EST
                     Love. It. Best hopeful-Aha! in a long time :-) - (Ashton) - Nov. 30, 2014, 06:26:29 PM EST
                     enough like it to require a licence :-( -NT - (boxley) - Nov. 30, 2014, 08:17:06 PM EST
                 What's wrong with cipher block chaining? -NT - (static) - (2) - Nov. 30, 2014, 05:51:37 PM EST
                     As used in SSLv3/TLS1.0 - (scoenye) - (1) - Nov. 30, 2014, 06:50:00 PM EST
                         Ah. Understood. -NT - (static) - Nov. 30, 2014, 07:10:38 PM EST
         A more generic tool... - (Another Scott) - (6) - Nov. 29, 2014, 09:35:36 AM EST
             good link, thanks - (boxley) - (5) - Nov. 29, 2014, 09:44:45 AM EST
                 There is only one unbreakable cypher - (pwhysall) - (4) - Nov. 29, 2014, 03:58:04 PM EST
                     my idea is to create an EOTP -NT - (boxley) - (3) - Nov. 29, 2014, 04:32:12 PM EST
                         Two things. - (a6l6e6x) - (2) - Nov. 30, 2014, 06:25:12 PM EST
                             Or in related puzzlements, - (Ashton) - Nov. 30, 2014, 06:35:47 PM EST
                             It is mainly a key transport problem - (scoenye) - Nov. 30, 2014, 08:06:17 PM EST

It was a good party...
89 ms