Search form

Drown attack sinks SSL security

Drown attack sinks SSL security

Via Cliff Saran | @cliffsaran

Researchers have published a paper outlining how an attacker could crack the TLS security protocol to gain access to millions of secure websites. The cross-protocol attack, known as DROWN (Decrypting RSA with Obsolete and Weakened eNcryption), performs live attacks on TLS, one of the main protocols used for security on the internet. (It also works against TLS e-mail servers.)

According to the researchers, the attack can be completed on a single core on commodity hardware in less than a minute, without GPUs or distributed computing, and is limited primarily by how quickly the server can complete handshakes.

Read the full article.

[ Looking for more technical details on this issue? Read this article. ]