CRIME attack is shown to decrypt HTTPS web sessions

Friday, September 14, 2012 - 12:02 in Mathematics & Economics

(Phys.org) - The fun of acronyms is reflected in the name CRIME, which stands for Compression Ratio Info-leak Made Easy. What it translates into, though, is not much fun. Two security researchers have developed the CRIME attack, which can successfully decrypt session cookies from HTTPS (Hypertext Transfer Protocol Secure) connections. This, in theory, would be a serious weakness that would enable the hijacking of a user's session cookie while the user is still authenticated to a website. Encryption protocols are the Internet's fundamental safety cushion, providing the basic level of trust by encrypting traffic that flows over open networks. They also cryptographically confirm that websites are really operated by their claimed owners rather than by cyber-criminals and spies.
