Message-ID: <543E3AC1.90605@reactos.org>
Date: Wed, 15 Oct 2014 11:13:37 +0200
From: Pierre Schweitzer <pierre@...ctos.org>
To: oss-security@...ts.openwall.com
Subject: Re: Truly scary SSL 3.0 vuln to be revealed soon:

I've a naive question regarding the vulnerability, actually.

It says you can recover plain text of ciphered text, using a specific method. But, in the end it means you'll have plain text + ciphered text of the same text. Does that mean you can easily bruteforce the key that was used? So that you can actually, if you logged the complete session, decipher the whole session of the user? And not only the cookie? Or breaking the key would be too complex yet?

Cheers,

On 10/15/2014 12:41 AM, Hanno Böck wrote:
> It's out:
>
> https://www.openssl.org/~bodo/ssl-poodle.pdf
> http://googleonlinesecurity.blogspot.de/2014/10/this-poodle-bites-exploiting-ssl-30.html
>
> My conclusion stays the same: Disable SSLv3.

--
Pierre Schweitzer <pierre@...ctos.org>
System & Network Administrator
Senior Kernel Developer
ReactOS Deutschland e.V.