[Standards] compression attacks

Thijs Alkemade thijs at xnyhps.nl
Thu Feb 13 12:19:22 UTC 2014


On 13 feb. 2014, at 01:04, Peter Saint-Andre <stpeter at stpeter.im> wrote:

> While working on draft-sheffer-uta-tls-attacks with Yaron Sheffer this week, he pointed out to me that the TIME and BREACH attacks might apply to application-layer compression technologies such as XEP-0138 for XMPP. I haven't looked into that in detail yet, but I figured I'd raise the issue here for discussion.

Depends on what data you consider secret.

Passwords shouldn't be in the compressed stream, per XEP-0170. Other highly
sensitive data can be your contact list and the contents of your messages.
Both of these an attacker should not be able to trigger retransmissions of,
which complicates attacking them.

But it's likely the attacker will be able to extract information like "is
juliet at example.lit on your roster?", "did you receive a message from
juliet at example.lit in the past 32 kB?" (the zlib window size) or "did you
receive a message that included the phrase 'thermonuclear war' in the last 32
kB?".

Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://mail.jabber.org/pipermail/standards/attachments/20140213/eeae013f/attachment.sig>


More information about the Standards mailing list