
“Raccoon Attack” Targets TLS 1.2 and Earlier, but Is Difficult to Exploit


There’s a new type of SSL/TLS attack in town. A team of academic security researchers recently released a paper introducing the Raccoon attack. Raccoon is a timing vulnerability in the TLS specification which impacts HTTPS and other services reliant on SSL/TLS. Under very specific and rare conditions, Raccoon allows malicious third-party attackers to break SSL/TLS encryption and read sensitive communications. 

Specifically, Raccoon targets Diffie-Hellman key exchanges. After the two TLS peers exchange public keys as part of a Diffie-Hellman exchange, each computes a shared key called the “premaster secret,” which is then used to derive all TLS session keys with a specific key derivation function.

TLS 1.2 and all preceding versions require that all leading zero bytes in this premaster secret be stripped before proceeding. The resulting premaster secret is used as an input in the key derivation function, which is based on hash functions with different timing profiles. Precise timing measurements of this step could allow an attacker to construct an oracle from the TLS server, which would tell the attacker whether or not a computed premaster secret starts with a zero byte.

From this single byte, attackers can begin to construct a set of equations to compute the original premaster secret established between the client and server. This could allow attackers to decrypt communication between users and the server, including usernames, passwords, credit card information, emails, and a long list of potentially sensitive information. 

While it sounds terrifying, keep in mind that this attack can only take place under very specific and rare circumstances: the server must reuse public Diffie-Hellman keys in the handshake (already considered bad practice), and the attacker must be able to make precise timing measurements. Furthermore, the browser must support the vulnerable cipher suites (as of June 2020 all the major browsers have dropped them).
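The leading-zero stripping and the key-reuse precondition described above, shown as an added example (not code from the researchers or from SSL.com). It uses a constructed 127-bit toy group and hypothetical function names, and contrasts the TLS 1.2 encoding with the fixed-length encoding that TLS 1.3 uses, which keeps the key derivation input the same size for every handshake.

```python
import secrets

# Toy group, constructed for illustration only; real TLS groups are 2048+ bits.
P = 2**127 - 1                       # Mersenne prime used as the DH modulus
G = 3
P_LEN = (P.bit_length() + 7) // 8    # 16 bytes


def premaster_tls12(z: int) -> bytes:
    """TLS 1.2 and earlier: leading zero bytes of the shared secret are stripped."""
    return z.to_bytes(P_LEN, "big").lstrip(b"\x00")


def premaster_fixed_length(z: int) -> bytes:
    """Constant-length encoding (as in TLS 1.3): left-pad to the size of the prime."""
    return z.to_bytes(P_LEN, "big")


def length_histogram(server_private: int, client_publics: list[int]) -> dict[int, int]:
    """Count TLS 1.2 premaster secret lengths seen against ONE reused server key."""
    hist: dict[int, int] = {}
    for y in client_publics:
        z = pow(y, server_private, P)            # DH shared secret
        n = len(premaster_tls12(z))
        hist[n] = hist.get(n, 0) + 1
    return hist


if __name__ == "__main__":
    # A static server key, reused for every handshake (the bad practice in question).
    server_private = secrets.randbelow(P - 2) + 1
    clients = [pow(G, secrets.randbelow(P - 2) + 1, P) for _ in range(20000)]

    # With stripping, a small share of handshakes feed a shorter input to the KDF.
    print("TLS 1.2 premaster lengths:", length_histogram(server_private, clients))

    # With fixed-length encoding, every handshake feeds exactly P_LEN bytes.
    fixed = {len(premaster_fixed_length(pow(y, server_private, P))) for y in clients}
    print("fixed-length encoding lengths:", fixed)
```

With a fresh server key per handshake, the length seen for a given client value is no longer tied to one long-lived secret, which is why the attack depends on key reuse.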

Even if Raccoon is not practical for most attackers, there are still steps website owners can take to protect themselves and visitors:
