Speed At The Cost of Security
Over the last five years, the Internet has been transformed with a new suite of performance improving communication protocols such as SPDY, HTTP/2 and QUIC. These new protocols are being rapidly implemented to improve the speed and performance of the Internet. More than 10% of the top 1 Million websites are already using some of these technologies, including much of the 10 highest traffic sites.
Security protocols like QUIC are using a mode of encryption called Advanced Encryption Standard Galois/Counter Mode (AES-GCM) for its speed and performance. By default, AES-GCM’s cipher text is the same length as the original plaintext. For transmitting sensitive communications like passwords, an eavesdropper could use the Ring-Road vulnerability to identify the length of your password and increase their chances to guess your password and successfullly login into your account.