What is BEAST?

Browser Exploit Against SSL/TLS BEAST is an attack against SSL/TLS which is the cryptographic system that protects data sent online. A practical attack was found to be possible against TLS v1.0 and SSLv3.0 (and below). The issue is that the Initialisation Vector (IV) utilised as part of the encryption process can be determined by an attacker. IVs are utilised to prevent encrypted data from being deterministic, they essentially make it harder for attackers to determine patterns in encrypted data. Without them if a repeating pattern is evident in the plaintext then it will be evident in the ciphertext and this …

Read More