随机长度HTML评论
Random length HTML comment
在我访问的 Goodreads 页面的源代码末尾,有以下代码,在结束 </html> 标记之后:
...
</body>
</html>
<!-- This is a random-length HTML comment: ocufpknrqrhggkynniqfuunofiuufunhjtvapgfyvsxfvvvbzfwkhqfazmhydbqfqvymamwthwllkpxvkjqssgqopoiozifoxillqstontzzzmtwkjbmmwfejssorsfxixtsxgcrzuhiuhjnfczeprcmnieowarxsjkpojgjwlecvuitlenftpreqovysmfmjgtjsxingjkgqnjmtugnzbfsyrynrxkmjjcowffwkbmjlwqqbatwdzlhzzlbhfwiugmnezcahpxpsdaoljnpgfxgglcyiqvgyocrclrgpelgzjbdkcnvudiopkhwkiyghooichcafzjduixdqtkktymvdpmjrheiurooozutdbuoalrhwmmvlwbutrovxfwfkkwbvzppivfipkgoimpymmvixdiyvlapjxiqqgrohlibleuzpxdrmrfclrtdyxrtmldqusmvypkkssxibaxynxomxoxmrvmrweorjmehqrsbxebgijcychltpiapnuoxlhhlhirkrwmfnwvntdscnlikiczqvgpmpsiwkudnioehxnqlbtlwzqvnbbgpyngdnjqydtyxqfphrdcvidpdkcdbtdkfgermhgjhlajhlliktyujtchswfvvdjjxqqjmkfojlsdgozixmhpeaeozguqnnzpsbfzaxvmreqvjbygrbwoeheuzabjrcfxqiugqneeondxtppqfkbvwkcjcqlixrqzhfocaezrzxhkvwotraniyuireggwjegzblwbygqjywdaxcmvzlkpfrzluhgigjyyspvnfcrlbgjicxpahpikcvfhbuiwfgoajcicjomijozrisrtyicucbfqczyvpjlmlxemibangnvyeboattdcpveemtydcowutgegwckzsitkrttkspzxzbcn -->
这样做的目的是什么?
当我搜索短语“This is a random-length HTML comment", I get results relating to breach-mitigation-rails and SendGrid API v3.
好像和mitigating the BREACH attack有关:
3.1. Length Hiding. The crux of the attack is to be able to measure the length of the ciphertext. So, a natural attempt at
mitigation is to hide this information from the attacker. It seems as
though this should be simple and easy; one can simply add a random
amount of garbage data to each response. Surely then the true length
of the ciphertext will be hidden.
但是:
While this measure does make the attack take longer, it does so only
slightly. The countermeasure requires the attacker to issue more
requests, and measure the sizes of more responses, but not enough to
make the attack infeasible. By repeating requests and averaging the
sizes of the corresponding responses, the attacker can quickly learn
the true length of the cipher text. This essentially boils down to the
fact that the standard error of the mean in this case is inversely
proportional to N, where N is the number of repeat requests the
attacker makes for each guess. For a discussion of the limits of
length-hiding in a slightly different context, see [7]. We also
comment that there is an IETF working group developing a proposal to
add length-hiding to TLS [6].
http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf
在我访问的 Goodreads 页面的源代码末尾,有以下代码,在结束 </html> 标记之后:
...
</body>
</html>
<!-- This is a random-length HTML comment: ocufpknrqrhggkynniqfuunofiuufunhjtvapgfyvsxfvvvbzfwkhqfazmhydbqfqvymamwthwllkpxvkjqssgqopoiozifoxillqstontzzzmtwkjbmmwfejssorsfxixtsxgcrzuhiuhjnfczeprcmnieowarxsjkpojgjwlecvuitlenftpreqovysmfmjgtjsxingjkgqnjmtugnzbfsyrynrxkmjjcowffwkbmjlwqqbatwdzlhzzlbhfwiugmnezcahpxpsdaoljnpgfxgglcyiqvgyocrclrgpelgzjbdkcnvudiopkhwkiyghooichcafzjduixdqtkktymvdpmjrheiurooozutdbuoalrhwmmvlwbutrovxfwfkkwbvzppivfipkgoimpymmvixdiyvlapjxiqqgrohlibleuzpxdrmrfclrtdyxrtmldqusmvypkkssxibaxynxomxoxmrvmrweorjmehqrsbxebgijcychltpiapnuoxlhhlhirkrwmfnwvntdscnlikiczqvgpmpsiwkudnioehxnqlbtlwzqvnbbgpyngdnjqydtyxqfphrdcvidpdkcdbtdkfgermhgjhlajhlliktyujtchswfvvdjjxqqjmkfojlsdgozixmhpeaeozguqnnzpsbfzaxvmreqvjbygrbwoeheuzabjrcfxqiugqneeondxtppqfkbvwkcjcqlixrqzhfocaezrzxhkvwotraniyuireggwjegzblwbygqjywdaxcmvzlkpfrzluhgigjyyspvnfcrlbgjicxpahpikcvfhbuiwfgoajcicjomijozrisrtyicucbfqczyvpjlmlxemibangnvyeboattdcpveemtydcowutgegwckzsitkrttkspzxzbcn -->
这样做的目的是什么?
当我搜索短语“This is a random-length HTML comment", I get results relating to breach-mitigation-rails and SendGrid API v3.
好像和mitigating the BREACH attack有关:
3.1. Length Hiding. The crux of the attack is to be able to measure the length of the ciphertext. So, a natural attempt at mitigation is to hide this information from the attacker. It seems as though this should be simple and easy; one can simply add a random amount of garbage data to each response. Surely then the true length of the ciphertext will be hidden.
但是:
While this measure does make the attack take longer, it does so only slightly. The countermeasure requires the attacker to issue more requests, and measure the sizes of more responses, but not enough to make the attack infeasible. By repeating requests and averaging the sizes of the corresponding responses, the attacker can quickly learn the true length of the cipher text. This essentially boils down to the fact that the standard error of the mean in this case is inversely proportional to N, where N is the number of repeat requests the attacker makes for each guess. For a discussion of the limits of length-hiding in a slightly different context, see [7]. We also comment that there is an IETF working group developing a proposal to add length-hiding to TLS [6].
http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf