Bicycle attack See also References Navigation menulink to itrelated articlesFind link tool"HTTPS Bicycle Attack"

Internet security


passwordSSLHTTPSbrute-forcingSSLencryptedHTTPpackets






A TLS Bicycle Attack refers to a method of discovering password length on encrypted packets transmitted via SSL, or HTTPS. The term was first coined on December 30, 2015, by Guido Vranken, who wrote:[1]


"The name TLS Bicycle Attack was chosen because of the conceptual similarity between how encryption hides content and gift wrapping hides physical objects. My attack relies heavily on the property of stream-based ciphers in TLS that the size of TLS application data payloads is directly known to the attacker and this inadvertently reveals information about the plaintext size; similar to how a draped or gift-wrapped bicycle is still identifiable as a bicycle, because cloaking it like that retains the underlying shape. The reason that I've named this attack at all is only to make referring to it easier for everyone."

The premise of the bicycle attack is that it makes brute-forcing of passwords much easier, because the length of passwords can be known.


Moreover, it refutes the idea that SSL-encrypted HTTP packets obscure the length, because:



"the redundancy of the plaintext HTTP headers included in each and every request can be exploited in order to reveal the length of particular components (such as passwords) of particular requests (such as authentication to a web application)."[1]


See also


  • Computer security


References



  1. ^ ab Vranken, Guido (December 30, 2015). "HTTPS Bicycle Attack". Retrieved 2016-02-08..mw-parser-output cite.citationfont-style:inherit.mw-parser-output .citation qquotes:"""""""'""'".mw-parser-output .citation .cs1-lock-free abackground:url("//upload.wikimedia.org/wikipedia/commons/thumb/6/65/Lock-green.svg/9px-Lock-green.svg.png")no-repeat;background-position:right .1em center.mw-parser-output .citation .cs1-lock-limited a,.mw-parser-output .citation .cs1-lock-registration abackground:url("//upload.wikimedia.org/wikipedia/commons/thumb/d/d6/Lock-gray-alt-2.svg/9px-Lock-gray-alt-2.svg.png")no-repeat;background-position:right .1em center.mw-parser-output .citation .cs1-lock-subscription abackground:url("//upload.wikimedia.org/wikipedia/commons/thumb/a/aa/Lock-red-alt-2.svg/9px-Lock-red-alt-2.svg.png")no-repeat;background-position:right .1em center.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registrationcolor:#555.mw-parser-output .cs1-subscription span,.mw-parser-output .cs1-registration spanborder-bottom:1px dotted;cursor:help.mw-parser-output .cs1-ws-icon abackground:url("//upload.wikimedia.org/wikipedia/commons/thumb/4/4c/Wikisource-logo.svg/12px-Wikisource-logo.svg.png")no-repeat;background-position:right .1em center.mw-parser-output code.cs1-codecolor:inherit;background:inherit;border:inherit;padding:inherit.mw-parser-output .cs1-hidden-errordisplay:none;font-size:100%.mw-parser-output .cs1-visible-errorfont-size:100%.mw-parser-output .cs1-maintdisplay:none;color:#33aa33;margin-left:0.3em.mw-parser-output .cs1-subscription,.mw-parser-output .cs1-registration,.mw-parser-output .cs1-formatfont-size:95%.mw-parser-output .cs1-kern-left,.mw-parser-output .cs1-kern-wl-leftpadding-left:0.2em.mw-parser-output .cs1-kern-right,.mw-parser-output .cs1-kern-wl-rightpadding-right:0.2em







-

Popular posts from this blog

Lowndes Grove History Architecture References Navigation menu32°48′6″N 79°57′58″W / 32.80167°N 79.96611°W / 32.80167; -79.9661132°48′6″N 79°57′58″W / 32.80167°N 79.96611°W / 32.80167; -79.9661178002500"National Register Information System"Historic houses of South Carolina"Lowndes Grove""+32° 48' 6.00", −79° 57' 58.00""Lowndes Grove, Charleston County (260 St. Margaret St., Charleston)""Lowndes Grove"The Charleston ExpositionIt Happened in South Carolina"Lowndes Grove (House), Saint Margaret Street & Sixth Avenue, Charleston, Charleston County, SC(Photographs)"Plantations of the Carolina Low Countrye

Image
Contributing propertyKeeper of the RegisterHistoric districtHistory of the National Register of Historic PlacesNational Park ServiceProperty typesCharlestonColumbiaGreenvilleNorth CharlestonRock Hill Houses on the National Register of Historic Places in South CarolinaGeorgian architecture in South CarolinaHouses completed in 1786Plantation houses in South CarolinaNational Register of Historic Places in Charleston, South CarolinaHouses in Charleston, South Carolina plantation houseAshley RiverCharlestonNational Register of Historic PlacesRevolutionary WarWilliam LowndesU.S. CongressSouth Carolina Inter-State and West Indian ExpositionGeorgianDoricbalustradespedimentoculusentablaturemodilliondentillightship roofterra cottatilescorbelledcornicesRegency stylespiral staircaseskylight Lowndes Grove U.S. National Register of Historic Places Lowndes Grove in 1940 Show map of South Carolina Show map of the United States Location 260 St. Margaret St., Charleston, South Carolina Coordinates 32
Read more

random experiment with two different functions on unit interval Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 00:00UTC (8:00pm US/Eastern)Random variable and probability space notionsRandom Walk with EdgesFinding functions where the increase over a random interval is Poisson distributedNumber of days until dayCan an observed event in fact be of zero probability?Unit random processmodels of coins and uniform distributionHow to get the number of successes given $n$ trials , probability $P$ and a random variable $X$Absorbing Markov chain in a computer. Is “almost every” turned into always convergence in computer executions?Stopped random walk is not uniformly integrable

Image
What would you call this weird metallic apparatus that allows you to lift people? Is it possible to give , in economics, an example of a relation ( set of ordered pairs) that is not a function? Maximum summed subsequences with non-adjacent items How many time has Arya actually used Needle? Is there public access to the Meteor Crater in Arizona? Belief In God or Knowledge Of God. Which is better? What is the meaning of 'breadth' in breadth first search? Why is there Net Work Done on a Pressure/Volume Cycle? How much damage would a cupful of neutron star matter do to the Earth? Sum letters are not two different Why does it sometimes sound good to play a grace note as a lead in to a note in a melody? What initially awakened the Balrog? How to pronounce 伝統色 QGIS virtual layer functionality does not seem to support memory layers AppleTVs create a chatty alternate WiFi network How to write capital alpha? How often does castling occur in grandmaster gam
Read more

How should I support this large drywall patch? Planned maintenance scheduled April 23, 2019 at 00:00UTC (8:00pm US/Eastern) Announcing the arrival of Valued Associate #679: Cesar Manara Unicorn Meta Zoo #1: Why another podcast?How do I cover large gaps in drywall?How do I keep drywall around a patch from crumbling?Can I glue a second layer of drywall?How to patch long strip on drywall?Large drywall patch: how to avoid bulging seams?Drywall Mesh Patch vs. Bulge? To remove or not to remove?How to fix this drywall job?Prep drywall before backsplashWhat's the best way to fix this horrible drywall patch job?Drywall patching using 3M Patch Plus Primer

Image
How do living politicians protect their readily obtainable signatures from misuse? Is it possible to force a specific program to remain in memory after closing it? File name problem(?) How to pronounce 伝統色 How does the math work when buying airline miles? Sum letters are not two different An adverb for when you're not exaggerating What does it mean that physics no longer uses mechanical models to describe phenomena? Take 2! Is this homebrew Lady of Pain warlock patron balanced? How many time has Arya actually used Needle? A letter with no particular backstory Converted a Scalar function to a TVF function for parallel execution-Still running in Serial mode Generate an RGB colour grid Co-worker has annoying ringtone Strange behavior of Object.defineProperty() in JavaScript "Lost his faith in humanity in the trenches of Verdun" — last line of an SF story What is this round thing on the pantry door in The Shining What would you call this weir
Read more