by barrydahlberg 4643 days ago
Can you please clarify exactly what you mean by compression? Is this referring to typical gzip compression in HTTP results or something else?
2 comments

>Is this referring to typical gzip compression in HTTP

Yes. It's a major vulnerability discovered in the past few months that significantly weakens the crypto.

Website describing the attack: http://breachattack.com/

Django Blog Post: https://www.djangoproject.com/weblog/2013/aug/06/breach-and-...

That's not cool. The last thing we need is more things for people to use as reasons for not using HTTPS at all.

Yes, BREACH exploits HTTP body compression so this means typical gzip compression in HTTP results (see http://breachattack.com, http://en.wikipedia.org/wiki/HTTP_compression#Security_impli...).

Full Paper: "BREACH: Reviving the CRIME Attack" (http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%2...)