Explanation of attack:
"The most severe problem of CBC encryption in SSL 3.0 is that its block cipher padding is
not deterministic, and not covered by the MAC (Message Authentication Code)"
https://www.openssl.org/~bodo/ssl-poodle.pdf
Another detailed explanation:
https://www.imperialviolet.org/2014/10/14/poodle.html
"The most severe problem of CBC encryption in SSL 3.0 is that its block cipher padding is
not deterministic, and not covered by the MAC (Message Authentication Code)"
https://www.openssl.org/~bodo/ssl-poodle.pdf
Another detailed explanation:
https://www.imperialviolet.org/2014/10/14/poodle.html
No comments:
Post a Comment