Skip to content

Questions about CRIME

Short answers, pulled from the story.

What is the CRIME security vulnerability?

CRIME, short for Compression Ratio Info-leak Made Easy, is a security vulnerability in HTTPS and SPDY protocols that use compression. It can leak the content of secret web cookies, and recovering an authentication cookie lets an attacker perform session hijacking on an authenticated web session.

How does the CRIME attack work?

CRIME combines a chosen plaintext attack with information leakage through data compression. The attacker observes the size of the ciphertext sent by the browser while inducing it to make crafted connections, then watches the compressed payload shrink when injected content matches the secret cookie. Divide and conquer techniques recover the secret in a number of probes that is a small multiple of the secret's byte length.

Who discovered the CRIME exploit?

The CRIME exploit was hypothesized by Adam Langley and first demonstrated by security researchers Juliano Rizzo and Thai Duong. Rizzo and Duong also created the earlier BEAST exploit and were due to reveal CRIME in full at the 2012 ekoparty security conference.

How can the CRIME vulnerability be prevented?

CRIME can be defeated by preventing the use of compression at either end of the connection. A browser can disable compression of SPDY requests, or a website can refuse compression using the TLS protocol negotiation, where a client offering only 'none' or a server refusing compression ensures data is not compressed.

What is the BREACH attack and how is it related to CRIME?

BREACH, short for Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext, is a variant of the CRIME exploit announced at the August 2013 Black Hat conference by researchers Gluck, Harris and Prado. It uncovers HTTPS secrets by attacking the inbuilt HTTP data compression that webservers use to reduce network traffic.

Was the CRIME exploit against HTTP compression fixed?

As of December 2013, the CRIME exploit against HTTP compression had not been mitigated at all, even though the SPDY and TLS-level versions were addressed in the latest Chrome and Firefox browsers. Rizzo and Duong warned that this HTTP variant might be even more widespread than SPDY and TLS compression combined.