TLS response timings can indicate network contents

2013-01-29T00:00:00
ID OPERA:1044
Type opera
Reporter Opera
Modified 2013-01-29T00:00:00

Description

When Opera receives incorrectly encrypted network data, Opera will detect this, and let the sender know that the data was not understood. Such encrypted error responses are marginally faster than regular responses. An attacker with access to the network, can by replacing network data measure Opera's response speed, and deduce the content. By trial and error, entire strings may be read. Network and system stability will have a significant effect on the detection rate, in most cases making reading of data prohibitive.