Tool cracks SSL cookies in just ten minutes
On Friday, 23 September, at the Ekoparty security conference in Buenos Aires, researchers Juliano Rizzo and Thai Duong are planning to present a tool known as BEAST (Browser Exploit Against SSL/TLS). The tool allows an attacker on the same network to intercept and decrypt SSL cookies by performing a 'blockwise-adaptive chosen-plaintext' attack on encrypted packets.
The attacker has to get the browser to send some data to the remote site over the encrypted channel. Since the attacker now has both plain and encrypted text, they are able to determine the entropy used, significantly reducing the work involved in cracking the encryption. According to comments made by Rizzo to The Register, BEAST is now able to crack an encrypted PayPal cookie in less than ten minutes.
The attack only works where communication is encrypted with TLS version 1.0 – version 1.1, which was adopted in 2006, is not vulnerable to this attack. In practice, however, nearly all HTTPS connections continue to make use of TLS 1.0. OpenSSL is used on a large number of servers, but only version 1.0.1, a development release, currently supports the newer TLS 1.1 standard. No specific remedies for this problem are available at present.