
Suppose a packet is encrypted and sent via an insecure channel so that it is intercepted by a malicious third party as well as the intended recipient. As long as a suitable encryption scheme is used, the message should be (practically) uncrackable.

However, assuming that encryption preserves message length to a certain degree, the third party will gain some info about the size of the message. Is there any context in which knowing only a message’s length could be useful to a hacker? If so, what are some examples?

  • You mean packet message length or message length in general? – schroeder Aug 11 '20 at 20:04
  • Are you wondering about encryption in general or specifically encrypting TCP/IP traffic? Would an answer explaining padding in modern crypto suites be sufficient? – schroeder Aug 11 '20 at 20:06
  • @schroeder Either packet length or message length. And I’m not interested in knowing *how* to prevent the third party from obtaining message length info, but rather what the third party might do with such information. – Franklin Pezzuti Dyer Aug 11 '20 at 20:32
  • But if there is a specific defence against knowing length, wouldn't that help you understand the risks as a pointer for further research? Padding has a specific purpose that I believe is the answer that you are looking for. – schroeder Aug 11 '20 at 21:04

1 Answer

While the length of a message alone is not suitable to directly extract the secrets, it might be valuable context information. If the length of the plain message alone provides useful information, then the length of the encrypted message will usually not fully hide this information (only a bit, due to padding). Such context is especially useful if there is not only a single message but many messages that can be observed.

The length information can, for example, together with timing information be used for fingerprinting traffic, like distinguishing DNS over HTTPS from "normal" HTTPS. With DNS over TLS it might also be possible to narrow down which requests were done based on the length. Length information played a major part in the BREACH and CRIME attacks against TLS and HTTPS, where the visible length of the compressed and encrypted content made it possible to figure out parts of the unencrypted content.

Steffen Ullrich
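As an added illustration of the "narrow down which requests were done" point above (example code, not part of the original answer): with a constructed list of candidate query names, this Python script counts how many candidates stay consistent with one observed DNS-over-TLS query length under no padding, 16-byte cipher-block padding, and a larger 128-byte block-padding policy. The DNS wire layout used (12-byte header, length-prefixed labels plus root byte, 2-byte QTYPE and QCLASS) is standard; the constant TLS record overhead is omitted because it does not change which candidates an observer can separate.

```python
from __future__ import annotations
import math

# Constructed sample of query names an observer might consider as candidates
# (assumption: these are the only names in play; real candidate sets are far larger).
CANDIDATE_NAMES = [
    "a.example",
    "mail.example",
    "login.example",
    "example.net",
    "cdn.example",
    "very-long-hostname.internal.example",
]


def wire_query_len(name: str) -> int:
    """Length of a minimal DNS query for `name`: 12-byte header, QNAME as
    length-prefixed labels plus the root byte, then 2 bytes QTYPE + 2 bytes QCLASS.
    TLS record overhead is a constant on top and is left out of the analysis."""
    qname = sum(1 + len(label) for label in name.split(".")) + 1
    return 12 + qname + 4


def padded_len(n: int, block: int) -> int:
    """Length after padding `n` bytes up to a multiple of `block` (block <= 1: no padding)."""
    return n if block <= 1 else math.ceil(n / block) * block


def consistent(observed: int, block: int) -> list[str]:
    """Candidates whose padded query length equals the observed length."""
    return [name for name in CANDIDATE_NAMES
            if padded_len(wire_query_len(name), block) == observed]


def anonymity_sets(block: int) -> dict[int, list[str]]:
    """Group candidates by the length the observer would see under this padding policy."""
    groups: dict[int, list[str]] = {}
    for name in CANDIDATE_NAMES:
        groups.setdefault(padded_len(wire_query_len(name), block), []).append(name)
    return groups


def smallest_set(block: int) -> int:
    """Worst case for the user: the fewest candidates any observed length leaves."""
    return min(len(names) for names in anonymity_sets(block).values())


if __name__ == "__main__":
    for block in (1, 16, 128):
        print(f"padding block {block:>3}: smallest anonymity set = {smallest_set(block)}")
        for length, names in sorted(anonymity_sets(block).items()):
            print(f"  observed {length:>3} bytes -> {names}")
```

With no padding or 16-byte block padding some observed lengths leave a single candidate, while the 128-byte policy makes every name in this sample look alike; a real resolver sees far more names, so the residual leak is about set sizes, not a yes/no answer.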