Raccoon Attack - Finding and Exploiting Most-Significant-Bit-Oracles in TLS-DH(E)

Explore the intricacies of the Raccoon Attack, a cryptographic vulnerability affecting TLS-DH(E), in this conference talk delivered by Robert Merget at the Workshop on Attacks in Cryptography during Crypto 2021. Delve into the fundamentals of TLS-DH(E) and constant time execution before examining the attack's methodology for retrieving the PMS (Pre-Master Secret). Analyze key derivation processes in TLS, including the Merkle-Damgård construction and hashfunction performance expectations. Investigate SSL 3 key derivation, TLS 1.0/1.1 PRF, and the role of HMAC in the PRF. Learn about measurement errors, special timing measurement equipment, and the challenges of direct Raccoon attacks with non-determinism. Assess the impact of the Raccoon Attack and explore potential countermeasures. Extend the discussion to Raccoon's implications for ECDH(E), TLS 1.3, and eTLS/ETS. Examine the underlying reasons for these vulnerabilities and their relation to the PRF-ODH assumption. Conclude by considering Raccoon's potential effects on other protocols, gaining a comprehensive understanding of this significant cryptographic exploit.