When a bug is found in OpenSSL that allows eavesdroppers to decrypt people's traffic and steal their secrets, there's always a good deal of handwringing and yelps of despair.
But how can a snooper on your network actually exploit a software flaw to decipher your packets and swipe your passwords? Cloudflare's Filippo Valsorda has written up a zero-to-decryption guide on how to leverage a weakness in OpenSSL and LibreSSL that was revealed and patched on Tuesday this week.
"When the connection uses AES-CBC – for example because the server or the client don’t support TLS 1.2 yet – and the server’s processor supports AES-NI, a skilled man-in-the-middle attacker can recover at least 16 bytes of anything it can get the client to send," noted Valsorda.
"A more skilled attacker than me might also be able to decrypt more than 16 bytes, but no one has shown that it’s possible yet."
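The quote above turns on what a "padding oracle" actually is: a receiver that reacts differently to a record whose CBC padding is malformed than to one whose padding is fine but whose MAC is wrong. The following Python is an added illustration written for this article, not code from Valsorda's post or from OpenSSL; it models only the MAC-then-pad record check (HMAC-SHA256, TLS-style padding bytes all equal to the pad length) on already-decrypted bytes, with a constructed key and record, and leaves the block cipher out entirely because the leak lives in the check, not in AES.

```python
import hmac
import hashlib

MAC_LEN = 32   # HMAC-SHA256 tag length
BLOCK = 16     # AES block size; the padded record must be a multiple of this


def mac_then_pad(key: bytes, plaintext: bytes) -> bytes:
    """Build a TLS-style record body: plaintext || MAC || padding.

    TLS CBC padding is (pad_len + 1) bytes, every one equal to pad_len,
    so that the total length is a whole number of blocks.
    """
    tag = hmac.new(key, plaintext, hashlib.sha256).digest()
    body = plaintext + tag
    pad_len = (BLOCK - (len(body) + 1) % BLOCK) % BLOCK
    return body + bytes([pad_len]) * (pad_len + 1)


def leaky_check(key: bytes, record: bytes) -> str:
    """The oracle: bad padding and bad MAC produce different, observable outcomes.

    Returning two distinct failure reasons stands in for two distinct TLS
    alerts (or two measurably different timings) on the wire.
    """
    pad_len = record[-1]
    if pad_len + 1 + MAC_LEN > len(record) or any(b != pad_len for b in record[-(pad_len + 1):]):
        return "bad_padding"          # observable difference #1
    body = record[:-(pad_len + 1)]
    plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(key, plaintext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return "bad_mac"              # observable difference #2
    return "ok"


def hardened_check(key: bytes, record: bytes) -> str:
    """Same check with a single failure outcome.

    Whatever goes wrong, the MAC is still computed (over a zero-padding
    interpretation if the padding is bad) and one uniform error is returned.
    Note: this equalises the *type* of error; equalising timing as well is
    the harder part and is what real TLS stacks had to engineer carefully.
    """
    if len(record) < MAC_LEN + 1:
        return "error"
    pad_len = record[-1]
    pad_ok = pad_len + 1 + MAC_LEN <= len(record)
    if pad_ok:
        pad_ok = all(b == pad_len for b in record[-(pad_len + 1):])
    effective = pad_len if pad_ok else 0  # always go on to check a MAC
    body = record[:len(record) - effective - 1]
    plaintext, tag = body[:-MAC_LEN], body[-MAC_LEN:]
    expected = hmac.new(key, plaintext, hashlib.sha256).digest()
    mac_ok = hmac.compare_digest(tag, expected)
    return "ok" if (pad_ok and mac_ok) else "error"


def demo() -> dict:
    """Run both checks over a good record and two tampered copies (all constructed)."""
    key = b"constructed-demo-key"
    plaintext = b"GET / HTTP/1.1\r\nCookie: session=constructed"
    good = mac_then_pad(key, plaintext)

    wrong_mac = bytearray(good)
    wrong_mac[len(plaintext) + 3] ^= 0x01   # flip a bit inside the MAC, padding untouched

    wrong_pad = bytearray(good)
    wrong_pad[-1] = 200                     # pad length that cannot fit the record

    return {
        "leaky": [leaky_check(key, bytes(r)) for r in (good, wrong_mac, wrong_pad)],
        "hardened": [hardened_check(key, bytes(r)) for r in (good, wrong_mac, wrong_pad)],
    }


if __name__ == "__main__":
    print(demo())
```

The leaky receiver answers `bad_mac` for one tampered record and `bad_padding` for the other; the hardened one answers `error` for both. That single distinguishable bit, repeated over many carefully altered records, is what lets a man-in-the-middle learn plaintext a block at a time, which is why the article's practical advice stands: apply the patch, and prefer TLS 1.2 cipher suites that avoid CBC altogether so the check never exists on the connection.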
His blog post is a pretty good guide to HTTPS cryptography, padding oracles, and the impact of getting your crypto wrong. ®