Bicycle attack

Page last edited 284 days 15 hours ago by Phmadore

An HTTPS Bicycle Attack or TLS Bicycle Attack refers to a method of discovering password length on encrypted packets transmitted via SSL, or HTTPS. The name is in reference to the fact that contents of the package may not be known, but certainly the dimensions of the package can be known, in the same way that a gift-wrapped bicycle at Christmas is obviously a bicycle. Perhaps the recipient can't tell what the bicycle looks like, but they can tell that it is a bicycle, and how tall it is, and how long it is. The term was first coined on December 30th, 2015, by Guido Vranken, who wrote:

The name TLS Bicycle Attack was chosen because of the conceptual similarity between how encryption hides content and gift wrapping hides physical objects. My attack relies heavily on the property of stream-based ciphers in TLS that the size of TLS application data payloads is directly known to the attacker and this inadvertently reveals information about the plaintext size; similar to how a draped or gift-wrapped bicycle is still identifiable as a bicycle, because cloaking it like that retains the underlying shape. The reason that I've named this attack at all is only to make referring to it easier for everyone.

The premise of the bicycle attack is that it makes brute-forcing of passwords much easier, because the length of passwords can be known. Moreover, it guts the idea that SSL-encrypted HTTP packets obscure the length, because "the redundancy of the plaintext HTTP headers included in each and every request can be exploited in order to reveal the length of particular components (such as passwords) of particular requests (such as authentication to a web application)."

Article info

Categories: Exploits