Security News > 2020 > September > New Raccoon Attack Can Allow Decryption of TLS Connections

New Raccoon Attack Can Allow Decryption of TLS Connections
2020-09-10 08:49

Researchers from universities in Germany and Israel have disclosed the details of a new timing attack that could allow malicious actors to decrypt TLS-protected communications.

Raccoon can allow a man-in-the-middle attacker to crack encrypted communications that could contain sensitive information.

The attack is only successful if the targeted server reuses public Diffie-Hellman keys in the TLS handshake, and if the attacker can conduct precise timing measurements.

"The attacker needs particular circumstances for the Raccoon attack to work," the researchers wrote on a website dedicated to the Raccoon attack.

"For a real attacker, this is a lot to ask for. However, in comparison to what an attacker would need to do to break modern cryptographic primitives like AES, the attack does not look complex anymore. But still, a real-world attacker will probably use other attack vectors that are simpler and more reliable than this attack," they explained.


News URL

http://feedproxy.google.com/~r/Securityweek/~3/pxYyJYPfkuE/new-raccoon-attack-can-allow-decryption-tls-connections