{"id":37044,"date":"2020-09-09T23:01:37","date_gmt":"2020-09-09T23:01:37","guid":{"rendered":"http:\/\/842deb89-39fd-4986-a42a-a6bbbf1ec4bd"},"modified":"2020-09-09T23:01:37","modified_gmt":"2020-09-09T23:01:37","slug":"raccoon-attack-allows-hackers-to-break-tls-encryption-under-certain-conditions","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/raccoon-attack-allows-hackers-to-break-tls-encryption-under-certain-conditions\/","title":{"rendered":"Raccoon attack allows hackers to break TLS encryption ‘under certain conditions’"},"content":{"rendered":"
\"Racoon<\/span>
<\/span> Image: Merget et al. <\/span><\/figcaption><\/figure>\n

A team of academics has disclosed today a theoretical attack on the TLS cryptographic protocol that can be used to decrypt the HTTPS connection between users and servers and read sensitive communications.<\/p>\n

Named Raccoon<\/strong>, the attack has been described as “really hard to exploit<\/em>” and its underlying conditions as “rare<\/em>.”<\/p>\n

How the Raccoon attack works<\/h2>\n

According to a paper published today, the Raccoon attack is, at its base, a timing attack<\/a>, where a malicious third-party measures the time needed to perform known cryptographic operations in order to determine parts of the algorithm.<\/p>\n

In the case of a Raccoon attack, the target is the Diffie-Hellman key exchange process, with the aim being to recover several bytes of information.<\/p>\n

“In the end, this helps the attacker to construct a set of equations and use a solver for the Hidden Number Problem (HNP) to compute the original premaster secret established between the client and the server,” the research team explained.<\/p>\n

\"raccoon-attack-overview.png\"<\/span>