Bitcoin Forum

Other => Off-topic => Topic started by: awesome31312 on October 15, 2014, 11:42:22 PM



Title: SSL compromised
Post by: awesome31312 on October 15, 2014, 11:42:22 PM
"An attack affectionately known as "POODLE" (Padding Oracle On Downgraded Legacy Encryption), should put a stake in the heart of SSL, and move the world forward to TLS."

"We often refer to the worlds most popular encryption standard as SSL, but SSL was replaced by a newer standard, TLS, back in 1999. The name however, stuck."
"Yesterdays announced POODLE flaw is in SSL version 3. The newer TLS is fine."

"POODLE is a chosen-plaintext attack similar in effect to BREACH; an adversary who can trigger requests from an end user can extract secrets from the sessions (in this case, encrypted cookie values). This happens because the padding on SSLv3 block ciphers (to fill out a request to a full block size) is not verifiable - it isn't covered by the message authentication code. This allows an adversary to alter the final block in ways that will slowly leak information (based on whether their alteration survives verification or not, leaking information about *which* bytes are interesting). Thomas Pornin independently discovered this, and published at StackExchange.

On its own, POODLE merely makes certain cipher choices no longer as trustworthy. Unfortunately, these were the last ciphers that were even moderately trustworthy - the other ciphers available in SSLv3 having fallen into untrustworthiness due to insufficient key size (RC2, DES, Export ciphers); cryptanalytic attacks (RC4); or a lack of browser support (RC2, SEED, Camellia). The POODLE attack takes out the remaining two (3DES and AES) as trustworthy (and covers SEED and Camellia as well, so we can't advocate for those)."

Source (http://www.zdnet.com/google-reveals-major-flaw-in-outdated-but-widely-used-ssl-protocol-7000034677/)


Title: Re: SSL compromised
Post by: tilray on October 15, 2014, 11:52:16 PM
Hmm no wonder so many people accessing the blockchain.info website using tor have been getting their coins stolen


Title: Re: SSL compromised
Post by: scarsbergholden on October 16, 2014, 01:46:52 AM
It has been reported that many bitcoin related sites have been affected this forum. It is recommended that you change your password on any website that you have accessed in the last few days, especially ones that you accessed via TOR or via ISPs (including VPNs) that are untrustworthy.

I do however this this is one example as to why it is such a good idea to why 2FA whenever you can