How do Renegotiation and Triple Handshake Attacks work in TLS?

Both are man-in-the-middle (MITM) attacks in which an adversary, acting as a MITM, tries to inject data before the client is properly authenticated. This data is then passed to the application together with the data provided by the client after authentication. Because the application cannot properly distinguish the data injected before authentication from the data provided afterwards, several attacks become feasible. The IETF originally crafted a renegotiation_info extension to mitigate such attacks. In 2014, however, it was shown that this extension is not sufficient, and that a special form of renegotiation attack, a so-called triple handshake attack (3SHAKE attack for short), is still feasible. Hence the IETF had to craft another extension (called extended_master_secret) to mitigate the attack. You may download a 7-page description of the attacks and the respective mitigation technologies here.
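To make the role of extended_master_secret concrete, here is an added example (not from this post or the linked description) that compares the TLS 1.2 master secret derivation of RFC 5246 with the one of RFC 7627 for two connections that share the premaster secret and nonces but present different server certificates. The handshake messages are simplified, constructed byte strings, and all function and variable names are assumptions.

```python
import hashlib
import hmac


def prf(secret: bytes, label: bytes, seed: bytes, length: int = 48) -> bytes:
    """TLS 1.2 PRF with P_SHA256 (RFC 5246, section 5)."""
    seed = label + seed
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i)
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pms, client_random, server_random, handshake, use_ems):
    """Derive the 48-byte master secret, with or without extended_master_secret."""
    if use_ems:
        # RFC 7627: bind the key to a hash of the handshake messages
        # (ClientHello through ClientKeyExchange), certificates included.
        session_hash = hashlib.sha256(b"".join(handshake)).digest()
        return prf(pms, b"extended master secret", session_hash)
    # RFC 5246: only the premaster secret and the two nonces are mixed in.
    return prf(pms, b"master secret", client_random + server_random)


# Constructed sample values, not taken from a real handshake.
PMS = bytes(range(48))
CLIENT_RANDOM = b"\x01" * 32
SERVER_RANDOM = b"\x02" * 32


def handshake_with(certificate: bytes) -> list:
    """Simplified stand-in for the handshake messages of one connection."""
    return [b"ClientHello" + CLIENT_RANDOM, b"ServerHello" + SERVER_RANDOM,
            b"Certificate" + certificate, b"ClientKeyExchange"]


def secrets_match(use_ems: bool) -> bool:
    """Do two connections with different server certificates share a key?"""
    a = handshake_with(b"certificate-A")
    b = handshake_with(b"certificate-B")
    return hmac.compare_digest(
        master_secret(PMS, CLIENT_RANDOM, SERVER_RANDOM, a, use_ems),
        master_secret(PMS, CLIENT_RANDOM, SERVER_RANDOM, b, use_ems))


if __name__ == "__main__":
    print("without extended_master_secret:", secrets_match(False))  # True
    print("with extended_master_secret:   ", secrets_match(True))   # False
```

Without the extension the two connections end up with the same master secret even though their certificates differ; with it, the differing transcripts yield unrelated keys.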


What is Salsa20 and ChaCha20?

Salsa20 is a new variable-round stream cipher developed by Dan Bernstein in 2005. It is used in many Internet applications as a replacement for RC4, which has been shown to have statistical defects. ChaCha20 is a modified version of Salsa20 specified in RFC 7539 together with the Poly1305 message authentication mechanism. As such, it is one of the five standardized AEAD ciphers that can be used in TLS 1.3. You may download a 10-page description of Salsa20 and ChaCha20 here.



Please, leave your question as a comment to this post or e-mail it to In either case, your question is highly appreciated.
