Can anyone give me a hint why “Being able to predict the IV breaks CBC security, and that led to the BEAST attack.” is a problem? IIUC, IVs are not meant to be secret - with explicit IVs a MITM would know the IV as soon as the packet is sent anyway.
So how does having advance notice of what the IV for the next record will be matter? I imagine it’s to do with injecting a packet which makes use of that IV, but I don’t see how that is useful without also knowing the key - which a MITM wouldn’t?
(I’ve tried a few BEAST writeups, but they focus on how hard the attack is to execute and I’ve not yet seen this explained).
edit: OK, this is a good writeup: https://blog.cryptographyengineering.com/2011/09/21/brief-diversion-beast-attack-on-tlsssl/
Thanks, that helps a lot.