Thursday, January 21, 15:33
Home security Raccoon Attack: Allows hackers to "break" TLS encryption

Raccoon Attack: Allows hackers to "break" TLS encryption

Researchers have unveiled a theoretical attack on the TLS encryption protocol that can be used to decrypt connection HTTPS between users and servers and read sensitive communications. This is an attack known as Raccoon. But how does the Raccoon attack work and what does it offer to hackers?

According to a document released today, during the Raccoon attack, hackers count the time it takes to perform known cryptographic functions to identify parts of the algorithm. The target of such an attack is the Diffie-Hellman key exchange process, with the aim of recovering several byte information. In this way, hackers can construct a set of equations and use a solver to Hidden Number Problem (HNP) to calculate the original premaster secret created between the client and the server. According to researchers, all servers that use it exchange Diffie-Hellman keys for creating TLS connections, are vulnerable to attacks Raccoon.

Raccoon attack

This is a server-side attack and cannot be executed on a client, such as browsers. The attack must also be performed in part for each client-server connection and cannot be used to retrieve the server private key and decrypt all connections at the same time. Servers that use Diffie-Hellman key exchange and TLS 1.2 and below are considered vulnerable, and DTLS is also affected. On the other hand, TLS 1.3 is considered secure.

However, despite their ability to decrypt TLS sessions and read sensitive communications, this group of researchers was the first to admit that the Raccoon attack was extremely difficult to carry out, as specific and extremely "rare" conditions had to be met. In particular, the researchers said that hackers need to be close to the destination server to perform high-precision timing measurements. They need the victim connection to use the Diffie-Hellman key exchange and the server to reuse the ephemeral keys. And finally, hackers need to notice the initial connection. However, compared to what hackers must do to "break" modern cryptographic primitives such as AES, the attack no longer seems complicated. In fact, hackers are likely to use other methods of attack that are simpler and more reliable than this attack.

Raccoon attack

While the attack has been deemed "difficult" to exploit, some companies have been released patches. Indicatively The Microsoft (CVE-2020-1596), Mozilla and F5 Networks (CVE-2020-5929) but also the OpenSSL (CVE-2020-1968), have been released updates security to prevent Raccoon attacks. Additional technical details are also available on a dedicated site and in a research paper entitled "Raccoon Attack: Finding and Exploiting Most-Significant-Bit-Oracles inTLS-DH".


Please enter your comment!
Please enter your name here

Every accomplishment starts with the decision to try.


COSMOTE and Microsoft provide new cloud solutions for businesses

COSMOTE and Microsoft expand their cooperation, offering even more advanced and high quality cloud solutions, in large and small ...

Cyber ​​attacks in Eastern Europe are on the rise!

The cyber-attacks that have taken place in many US government agencies and companies in recent months have caused concern in the developing countries of ...

Tesla reduces the prices of the Model 3 in Europe

Tesla has reduced the prices of the Model 3 in many European markets, which reductions could be partly linked ...

iOS, Android, XBox users in the crosshairs of a new malvertising campaign

Recently a new malvertising campaign was discovered that targets users of mobile and other connected devices and uses effective ...

Microsoft: "Zero trust" protects against sophisticated hacking attacks

According to Microsoft, the techniques used by the hackers of SolarWinds, were sophisticated but common and preventable. To avoid future attacks ...

US: Twitter locks Chinese embassy account due to "dehumanization"

Twitter said it locked the account of the Chinese embassy in the United States for a tweet about its women ...

Ransomware victims pay a ransom to prevent their data from being leaked

Keeping backups is very important, especially in cases of Ransomware attacks. However, it seems that the hackers are using new methods, with ...

QAnon fans: Disappointed on social media after Biden was sworn in

Some QAnon supporters have expressed frustration at online forums and chat rooms over Joe Biden's swearing-in. Most...

COVID-19: Amazon wants to help Biden distribute the vaccines

Amazon has offered to help President Biden distribute COVID-19 vaccines. The letter from Dave Clark, vice president ...

Nitro PDF: Leaked database with 77 million user files!

Hacker leaked on January 20 a stolen database containing email addresses, names and passwords for over ...