[Security] TLS Triple Handshakes

Fedor Brunner fedor.brunner at azet.sk
Mon Mar 3 20:46:53 UTC 2014


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


Hi all,
this attack on TLS security may be interesting for XMPP
https://www.imperialviolet.org/2014/03/03/triplehandshake.html
https://secure-resumption.com/#further

The attacker could modify tls-unique channel binding and affect
SCRAM-SHA-1-PLUS authentication method.

Fedor

-----BEGIN PGP SIGNATURE-----

iQJ8BAEBCgBmBQJTFOo9XxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4QkVFQ0NBRDcyNzU1RTk2RTQwMzlEQjc2
RTE3NDA5NTQwNTY2M0FEAAoJEG4XQJVAVmOtGjgQAKSYCmaeuv+QGR7jmeVEm4qK
h+O8/N8RF6DdupC+Irr4vwRXO+lN60o0iZQb5dVSr24xGtKoqsL8ayj+LKWV9a/K
jL0gTDDJCCPbwBNk83+sTLsKYp4W2a7a7o/VTWLJH/GJ/Czl6+QYENy8RM5WmkaO
86g9Jw4XIFj+ed8o6ak7TaPsqfqngxAWzrm1XkJKmO0bqSyqRj9WG3mmKhqwPmHN
5wt7m1MioGF7qGwJouAswPsTkKFUC69CC3mKePsbM2FmYIhbwIDFTbbiedbct8bg
hEvvQ6E7WTPg2vP06LLV/hLmTADUgATZ2FK15GkA+ntMwXYkkhBX52TsPJM5Kt5v
Jhe49move6FHK8Qt8aNKPDuGor2pnqKUwzUZWc2Wdsz474OsjwG6XUYf39lyjqUr
EVIDVlHDPO3hWGG+jg2ipYpdcvYlTLyf6thAiosfz6glNoOEMn7I+IJBeEcnRZ7r
LshZVRS++JwkloCI3cxGfBjd+6hsBXlKJarHHbeJGzGhubp0h1FYwkCIn/tjKPXD
Lk/EHeBOiDmO0zYCfop75tJ6l9+rHZG0CfOAGWWNHoRjGMYY1V07dDMi7X8LT/iO
OeWjKfW/PQ+2/ZhgnnuNOk0taYmmooG/CqjAdJ16jHcVegPVusfr2mW+ZbaL5jOY
vqe4zuphB1952pbGxlaa
=ccBM
-----END PGP SIGNATURE-----


More information about the Security mailing list