undefined | Better HN

0 pointscmdrfred9y ago0 comments

May I add an example. Let's say you are a drug company and you offer a number of different drugs. With TLS I only know that you are interested in a drug that company produces or the company itself, without it I know you or someone you care about has erectile dysfunction.

0 comments

spand9y ago

No that is not all an attacker could know. TLS does not provide confidentiality of the number of bytes transmitted. So in your example an attacker would only have to crawl the public website and find the pages matching in size to the ones you have been browsing.

mi100hael9y ago

There are web server modules that will append random-length comments to the end of a page's HTML in order to foil this kind of attack

https://github.com/nulab/nginx-length-hiding-filter-module

paulddraper9y ago

Cookies, user-agent header, and keep-alives will make that very hard to figure out.

rplst89y ago

Couldn't this be thwarted by injecting random bytes into each page served to vary the file sizes?

cmdrfredOP9y ago

Good point I hadn't considered that.

j / k navigate · click thread line to collapse