DROWN Attack - Decrypting RSA using Obsolete and Weakened eNcryption (TLS Academy)

Описание: DROWN (Decrypting RSA using Obsolete and Weakened eNcryption) is a cross-protocol attack that allows an attacker to break a passively collected RSA key exchange for any TLS server if the RSA keys are also used for SSLv2, possibly on a different server.

This adaptive chosen ciphertext attack is based on the Bleichenbacher attack and PKCS#1 v1.5 padding:
   • Bleichenbacher Attack / Million Message At...  

More on DROWN can be found:
https://tlsacademy.cs.upb.de/labs/bas...

TLS Academy is an educational platform for TLS developed by the Paderborn University (https://cs.uni-paderborn.de/en/syssec/) and the Ruhr University Bochum (https://informatik.rub.de). On TLS Academy, you can learn about TLS in general, review potential attacks plus their prevention and solve challenges e.g. by performing attacks on our predefined vulnerable servers.


Visit our website at: https://tlsacademy.cs.upb.de/
#drown #ssl #tls #cryptography #tlsacademy #security #cybersecurity


---------- Contents of the Video ----------

0:00 - Intro
0:40 - SSLv2 overview
2:01 - SSLv2 protocol flow
2:45 - SSLv2 handshake
3:42 - Decryption oracle
4:30 - Attack principle
5:15 - Attack flow
6:16 - DROWN in numbers
6:36 - Vulnerability and prevention

Speaker: Selina Kloth