TLS 'Secrets'

Presented at Black Hat USA 2013, July 31, 2013, 11:45 a.m. (60 minutes)

SSL and TLS have become the de-facto standards for transport-layer encryption. In recent years, many vulnerabilities have been uncovered in both the standards, their implementation and the way people configure and use them. This talk is exploring in details a lesser-known and much less talked about part of the standard which breaks some of the security properties one would expect. A tool allowing for forensic recovery of plaintext (even when PFS ciphers are in use) will be released.

Presenters:

• Florent Daigniere / NextGen$   as Florent 'NextGen$' Daigniere
  Florent works as a security professional for a boutique security consultancy firm in London, UK. By day, he is raising security awareness; training people under the Tiger Scheme umbrella, breaking things on request for a select few clients, and annoying vendors exposing obvious bugs in popular 'security' products. In 2012, he was awarded a Pwnie Award at Black Hat for exposing the Most Epic Fail of the year. By night, and for over a decade now, he is secretly working on Freenet (https://freenetproject.org), a decentralized, peer-to-peer censorship resistant tool allowing to publish and retrieve content anonymously.

Links:

• https://www.blackhat.com/us-13/archives.html#NextGen
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2013/video/Black Hat 2013 - TLS - SECRETS.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2013/video/Black Hat 2013 - TLS - SECRETS.mp4
• https://www.youtube.com/watch?v=nNrVjHaRFSk
• https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf
• https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf

Similar Presentations:

• DeepSec 2016 „Ten“ / TLS 1.3: Lessons Learned from Implementing and Deploying the Latest Protocol
• DeepSec 2014 „Do you want to know more?“ / Introduction to and survey of TLS Security
• Black Hat USA 2014 / The BEAST Wins Again: Why TLS Keeps Failing to Protect HTTP