Why the BEAST Doesn't Threaten Tor Users 54
Earlier in the week, we posted news of a vulnerability discovered in virtually all websites secured with theoretically outdated (but widespread) versions of SSL and TLS encryption. Luckily for all non-nefarious users, this vulnerability (called BEAST, short for Browser Exploit Against SSL/TLS) was discovered and disclosed by researchers Thai Duong and Juliano Rizzo, and browser makers are pushing out changes to nullify it. Many systems, though, will remain unpatched for a long time. Nick Mathewson (nickm) of the Tor project has posted an explanation of why Tor traffic, as he understands the attack, remains safe. As a side benefit for those of us who aren't security experts, his description explains in plain language just what the danger is.
Summary (Score:2, Informative)
Tor uses OpenSSL's "empty fragment" feature, which inserts a single empty TLS record before every record it sends. This effectively randomizes the IV of the actual records, like a low-budget TLS 1.1. So the attack is simply stopped.
You don't need to use BEAST (Score:3, Informative)
Tor's flaw is not MIM attacks, it is not knowing who owns the exit node.