|
|
|
|
|
|
by jsnell
410 days ago
|
|
|
In your example, the attacker already has the session key for the TLS connection, so they don't need to run this attack to decrypt the traffic on that connection. And running the attack does not help them decrypt any other connections. Sweet32 depended on the attacker being able to send an arbitrary amount of traffic over a connection where they did not control either of the endpoints, and with that connection also carrying the data they wanted to steal. That doesn't map at all to the proposed "infinite stream of EHLOs" attack. |
|
|