CRIME-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aktuelle Version vom 11. Juni 2019, 12:27 Uhr

The CRIME attack takes advantage of the fact that data compression can change the length of encrypted messages, and this provides conclusions about the plain text. This can be used by a skilled attacker to steal cookies, for example.

Version vom 4. Juli 2018, 10:10 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge) (Die Seite wurde neu angelegt: „The exploited vulnerability (CRIME) is a combination of chosen plain text attack and unintentional information leakage caused by data compression. CRIME can be…“)		Aktuelle Version vom 11. Juni 2019, 12:27 Uhr (Quelltext anzeigen) Siwebot (Diskussion \| Beiträge)
(Eine dazwischenliegende Version desselben Benutzers wird nicht angezeigt)
Zeile 1:		Zeile 1:
−	The ~~exploited vulnerability (~~CRIME~~) is a combination~~ of ~~chosen plain text attack and unintentional information leakage caused by~~ data compression~~. CRIME~~ can ~~be prevented by disabling~~ the ~~use~~ of ~~compression~~, ~~either on~~ the ~~client side~~, ~~if the browser disables the compression of SPDY requests, or if the web page prevents the use of data compression~~ for ~~such transactions using the protocol negotiation characteristics of the TLS protocol~~.	+	The CRIME attack takes advantage of the fact that data compression can change the length of encrypted messages, and this provides conclusions about the plain text. This can be used by a skilled attacker to steal cookies, for example.

CRIME-Vulnerability/EN/Background: Unterschied zwischen den Versionen

Aktuelle Version vom 11. Juni 2019, 12:27 Uhr

Navigationsmenü

Meine Werkzeuge

Namensräume

Varianten

Ansichten

Mehr

Suche

Navigation

Siwecos

Werkzeuge