Black magic timing attack against reused Diffie-Hellman (DH) keys in TLS. NOTE: This affects all implementations, as this is a vulnerability against the specification itself.
The math in the article is beyond my knowledge, so read the article to understand it yourself. But I will try to provide an overview of the attack (with NO math) below.
The essence of the attack is that DH keys have all leading zeros stripped. Although learning whether a key starts with some number of 0's does not sound very useful, it is a start.
From there, a well-positioned attacker can observe a ClientKeyExchange message, which contains g^a. With this, the attacker can construct related values LIKE g^a.
Why is this useful? These values can now be used to set up equations for the Hidden Number Problem (HNP).
What's the impact? People reusing DH(E) keys (about 3% of the internet) are vulnerable to this attack. However, the attacker must be in a VERY well-positioned location for this to work.
Additionally, the bug with stripping zero bytes in the key affects different libraries in different ways. For whatever reason, an F5 product is vulnerable to this while NOT requiring timing measurements.
Overall, cryptography is VERY hard to do right! Even if everything algorithmically seems secure, a side channel can come back and steal your trash (Raccoon).
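To make the zero-stripping and "values LIKE g^a" steps above concrete, here is an added Python sketch (not from the article or any TLS library) using constructed toy parameters: it shows that TLS 1.2 derives a variable-length premaster secret while TLS 1.3 does not, and that when a server reuses its DH secret b, the result it computes for a modified client value g^(a+r) is a known multiple of the unknown secret Z, which is exactly why reuse turns a length leak into HNP equations.

```python
from secrets import randbelow

# Constructed toy parameters: a 64-bit prime keeps premaster secrets at most
# 8 bytes long. Real TLS groups are 2048 bits or larger; the math is identical.
P = 2**64 - 59                      # prime (largest below 2^64)
G = 2
P_LEN = (P.bit_length() + 7) // 8   # 8 bytes


def tls12_premaster(z: int) -> bytes:
    """TLS <= 1.2 (RFC 5246 8.1.2): the DH result Z is encoded big-endian and
    leading zero BYTES are stripped before it enters the PRF, so the premaster
    secret's length depends on the value of Z."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")


def tls13_shared_secret(z: int) -> bytes:
    """TLS 1.3 (RFC 8446 7.4.1): fixed-length encoding, nothing is stripped."""
    return z.to_bytes(P_LEN, "big")


def server_shared_secret(client_pub: int, b: int) -> int:
    """What a server holding (reused) secret b computes for any client value."""
    return pow(client_pub, b, P)


def related_client_value(observed_pub: int, r: int) -> int:
    """A value 'like g^a': the observed g^a multiplied by g^r, i.e. g^(a+r)."""
    return observed_pub * pow(G, r, P) % P


def predicted_related_secret(z: int, server_pub: int, r: int) -> int:
    """Because b is reused, the server's result for g^(a+r) is Z * B^r with
    B = g^b public. Each query therefore yields a known multiple of the unknown
    Z, and whether its top byte is zero is the hint the HNP equations use."""
    return z * pow(server_pub, r, P) % P


def top_byte_is_zero(z: int) -> bool:
    """True when TLS 1.2 stripping shortens the premaster secret."""
    return len(tls12_premaster(z)) < P_LEN


if __name__ == "__main__":
    b = randbelow(P - 2) + 1          # server secret that is never rotated
    B = pow(G, b, P)                  # server public value, visible on the wire
    A = pow(G, randbelow(P - 2) + 1, P)   # observed ClientKeyExchange value
    Z = server_shared_secret(A, b)
    shorter = 0
    for r in range(1, 5000):
        z_r = server_shared_secret(related_client_value(A, r), b)
        assert z_r == predicted_related_secret(Z, B, r)
        shorter += top_byte_is_zero(z_r)
    print(f"{shorter} of 4999 related queries gave a shorter premaster secret")
```

Rotating b per handshake (true DHE) breaks the Z * B^r relationship, and TLS 1.3's fixed-length encoding removes the length signal altogether.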