DROWN Attack - Decrypting RSA using Obsolete and Weakened eNcryption (TLS Academy)
DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) is a cross-protocol attack that allows an attacker to break a passively collected RSA key exchange for any TLS server if the RSA keys are also used for SSLv2, possibly on a different server.
This adaptive chosen ciphertext attack is based on the Bleichenbacher attack and PKCS#1 v1.5 padding:
https://youtu.be/r5dKVRa8L0U
More on DROWN can be found:
https://tlsacademy.cs.upb.de/labs/basics/drown/wiki
TLS Academy is an educational platform for TLS developed by the Paderborn University (https://cs.uni-paderborn.de/en/syssec/) and the Ruhr University Bochum (https://informatik.rub.de). On TLS Academy, you can learn about TLS in general, review potential attacks plus their prevention and solve challenges e.g. by performing attacks on our predefined vulnerable servers.
Visit our website at: https://tlsacademy.cs.upb.de/
#drown #ssl #tls #cryptography #tlsacademy #security #cybersecurity
----------- Contents of the Video -----------
0:00 - Intro
0:40 - SSLv2 overview
2:01 - SSLv2 protocol flow
2:45 - SSLv2 handshake
3:42 - Decryption oracle
4:30 - Attack principle
5:15 - Attack flow
6:16 - DROWN in numbers
6:36 - Vulnerability and prevention
Speaker: Selina Kloth
Видео DROWN Attack - Decrypting RSA using Obsolete and Weakened eNcryption (TLS Academy) канала TLS Academy
This adaptive chosen ciphertext attack is based on the Bleichenbacher attack and PKCS#1 v1.5 padding:
https://youtu.be/r5dKVRa8L0U
More on DROWN can be found:
https://tlsacademy.cs.upb.de/labs/basics/drown/wiki
TLS Academy is an educational platform for TLS developed by the Paderborn University (https://cs.uni-paderborn.de/en/syssec/) and the Ruhr University Bochum (https://informatik.rub.de). On TLS Academy, you can learn about TLS in general, review potential attacks plus their prevention and solve challenges e.g. by performing attacks on our predefined vulnerable servers.
Visit our website at: https://tlsacademy.cs.upb.de/
#drown #ssl #tls #cryptography #tlsacademy #security #cybersecurity
----------- Contents of the Video -----------
0:00 - Intro
0:40 - SSLv2 overview
2:01 - SSLv2 protocol flow
2:45 - SSLv2 handshake
3:42 - Decryption oracle
4:30 - Attack principle
5:15 - Attack flow
6:16 - DROWN in numbers
6:36 - Vulnerability and prevention
Speaker: Selina Kloth
Видео DROWN Attack - Decrypting RSA using Obsolete and Weakened eNcryption (TLS Academy) канала TLS Academy
Комментарии отсутствуют
Информация о видео
31 августа 2022 г. 16:08:45
00:07:23
Другие видео канала
