You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There probably aren't many people using to encrypt their traffic any more, but in case anyone was thinking about it, please don't.
Breaking the encryption of this tool was a challenge for Real World CTF 2020.
By defaul the tunnel uses AES-CFB with a static Initialisation Vector, so multiple connections are encrypted using the same keystream. Furthermore, the streams are malleable, so an adversary can capture your traffic and decrypt it by replaying it through your own proxy server.
There probably aren't many people using to encrypt their traffic any more, but in case anyone was thinking about it, please don't.
Breaking the encryption of this tool was a challenge for Real World CTF 2020.
By defaul the tunnel uses AES-CFB with a static Initialisation Vector, so multiple connections are encrypted using the same keystream. Furthermore, the streams are malleable, so an adversary can capture your traffic and decrypt it by replaying it through your own proxy server.
Here is a full writeup
The text was updated successfully, but these errors were encountered: