1. 8

  2. 2

    Can anyone give me a hint why “Being able to predict the IV breaks CBC security, and that led to the BEAST attack.” is a problem? IIUC, IVs are not meant to be secret - with explicit IVs a MITM would know the IV as soon as the packet is sent anyway.

    So how does having advance notice of what the IV for the next record will be matter? I imagine it’s to do with injecting a packet which makes use of that IV, but I don’t see how that is useful without also knowing the key - which a MITM wouldn’t?

    (I’ve tried a few BEAST writeups, but they focus on how hard the attack is to execute and I’ve not yet seen this explained).

    edit: OK, this is a good writeup: https://blog.cryptographyengineering.com/2011/09/21/brief-diversion-beast-attack-on-tlsssl/

      1. 1

        Thanks, that helps a lot.