Adaptive Chosen-ciphertext Attack - Practical Attacks

Practical Attacks

Adaptive-chosen-ciphertext attacks were largely considered to be a theoretical concern until 1998, when Daniel Bleichenbacher of Bell Laboratories demonstrated a practical attack against systems using RSA encryption in concert with the PKCS#1 v1 encoding function, including a version of the Secure Socket Layer (SSL) protocol used by thousands of web servers at the time.

The Bleichenbacher attacks, also known as the million message attack, took advantage of flaws within the PKCS #1 function to gradually reveal the content of an RSA encrypted message. Doing this requires sending several million test ciphertexts to the decryption device (e.g., SSL-equipped web server.) In practical terms, this means that an SSL session key can be exposed in a reasonable amount of time, perhaps a day or less.

Read more about this topic:  Adaptive Chosen-ciphertext Attack

Famous quotes containing the words practical and/or attacks:

    Not many appreciate the ultimate power and potential usefulness of basic knowledge accumulated by obscure, unseen investigators who, in a lifetime of intensive study, may never see any practical use for their findings but who go on seeking answers to the unknown without thought of financial or practical gain.
    Eugenie Clark (b. 1922)

    Leadership does not always wear the harness of compromise. Once and again one of those great influences which we call a Cause arises in the midst of a nation. Men of strenuous minds and high ideals come forward.... The attacks they sustain are more cruel than the collision of arms.... Friends desert and despise them.... They stand alone and oftentimes are made bitter by their isolation.... They are doing nothing less than defy public opinion, and shall they convert it by blows. Yes.
    Woodrow Wilson (1856–1924)