Summary: a side channel via the new Resource Timing and Fetch APIs allows BREACH or CRIME to be implemented via third-party cookies. Disabling third-party cookies prevents this attack.
>Because the compression used by just about every website works by eliminating repetitions of text strings, correct guesses result in no appreciable increase in data size while incorrect guesses cause the response to grow larger.
Frankly, I'm a little surprised that popular encryption schemes don't pepper the data with some random noise the client would know how to filter out.
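An added example, not part of the thread or the linked article: a local check of the quoted compression property on a constructed page template with a hypothetical CSRF token, next to per-response token masking, a mitigation the thread itself does not mention. Every name and value here is an assumption.

```python
import zlib

# Constructed sample: a template that echoes a request parameter and embeds
# a secret. The token value and the markup are hypothetical.
SECRET = "9f2c51d07ab34e6c8d10f4b7a6e3c925"
TEMPLATE = (
    "<html><body><p>Results for: {reflected}</p>"
    "<form method='post' action='/transfer'>"
    "<input type='hidden' name='csrf' value='{token}'>"
    "</form></body></html>"
)

def compressed_len(reflected: str, token: str) -> int:
    """Size of the DEFLATE-compressed body, i.e. what remains observable
    once the response is encrypted."""
    body = TEMPLATE.format(reflected=reflected, token=token)
    return len(zlib.compress(body.encode(), 9))

def leak_gap(token: str, secret: str = SECRET) -> int:
    """Bytes by which a non-matching reflected value grows the response
    compared with one equal to the secret. Near 0 means no usable signal."""
    match = "value='" + secret
    miss = "value='" + secret[::-1]  # same characters, same literal cost
    return compressed_len(miss, token) - compressed_len(match, token)

def mask(secret: str, pad: bytes) -> str:
    """Per-response masking: send pad || (pad XOR secret) as hex, so the
    secret never appears verbatim in a compressed body."""
    raw = bytes.fromhex(secret)
    return (pad + bytes(a ^ b for a, b in zip(pad, raw))).hex()

def unmask(masked: str) -> str:
    """Server-side inverse of mask(), used when validating a submitted token."""
    raw = bytes.fromhex(masked)
    half = len(raw) // 2
    return bytes(a ^ b for a, b in zip(raw[:half], raw[half:])).hex()

if __name__ == "__main__":
    import secrets
    print("gap with token sent verbatim:", leak_gap(SECRET))
    fresh = mask(SECRET, secrets.token_bytes(16))  # new pad per response
    print("gap with token masked:       ", leak_gap(fresh))
```

Running the same measurement against your own templates shows which responses place a secret and reflected input in one compressed body.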
tremon|9 years ago
joveian|9 years ago
turbohedgehog|9 years ago
drzaiusapelord|9 years ago
anonbanker|9 years ago
0. https://www.youtube.com/watch?v=Z7Wl2FW2TcA
hexane360|9 years ago
babuskov|9 years ago