Variation of Old Cryptographic Attack Affects giants[source: bleepingcomputer]

by CIRT Team

Three security researchers have discovered a variation to an old cryptographic attack that can be exploited to obtain the private encryption key necessary to decrypt sensitive HTTPS traffic under certain conditions.

Named ROBOT, which stands for Return Of Bleichenbacher’s Oracle Threat, this new attack is a variation of the Bleichenbacher attack on the RSA algorithm discovered almost two decades ago.

The original Bleichenbacher attack

Back in 1998, Daniel Bleichenbacher of Bell Laboratories discovered a bug in how TLS servers operate when server owners choose to encrypt server-client key exchanges with the RSA algorithm.

By default, before a client (browser) and a server start communicating via HTTPS, the client will choose a random session key that it will encrypt with the server’s publicly-advertised key. This encrypted session key is sent to the server, which uses its private key to decrypt the message and save a copy of the session key that it will later use to identify each client.

For more, click here.

CIRT Team

Recommended Posts

Training on cybersecurity awareness for Department of Women Affairs

25 Nov 2023 - Articles, English articles, News, News Clipping, Service

BGD e-GOV CIRT এর আয়োজনে আয়োজনে আর্থিক প্রতিষ্ঠান ও CII সমূহের সাইবার ড্রিল ২০২৩ চূড়ান্ত পর্ব অনুষ্ঠিত

22 Oct 2023 - Articles, Bangla Articles, CIRT In Media, News, News Clipping

WhatsApp down for millions of users globally: App not working for group and individual chats; Twitter gets flooded with memes

25 Oct 2022 - News, News Clipping