Draft:VORACLE

Review waiting, please be patient. This may take 2–3 weeks or more, since drafts are reviewed in no specific order. There are 1,382 pending submissions waiting for review. If the submission is accepted, then this page will be moved into the article space. If the submission is declined, then the reason will be posted here. In the meantime, you can continue to improve this submission by editing normally. Where to get help If you need help editing or submitting your draft, please ask us a question at the AfC Help Desk or get live help from experienced editors. These venues are only for help with editing and the submission process, not to get reviews. If you need feedback on your draft, or if the review is taking a lot of time, you can try asking for help on the talk page of a relevant WikiProject. Some WikiProjects are more active than others so a speedy reply is not guaranteed. How to improve a draft Wikipedia:Contributing to Wikipedia – a basic overview on how to edit Wikipedia. Help:Wikitext – how to use the markup Help:Referencing for beginners – how to include references Wikipedia:Article development – how to develop your article Wikipedia:Writing better articles – how to improve your article Wikipedia:Verifiability – make sure your article includes reliable third-party sources You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Add tags to your draft Editor resources Easy tools: Citation bot (help) | Advanced: Fix bare URLs Reviewer tools Instructions · What links here · VORACLE (talk: + · bio) · (log) · Copyvios report · reFill · Citation Bot · (Search: Google, Wikipedia) · Submitted 11 days ago by Wazul Pheran (talk: D · +) · Last edited 10 days ago by EatingCarBatteries

The VORACLE (short for VPN ORACLE) is a class of compression oracle attacks against virtual private network (VPN) traffic that exploit the use of data compression prior to encryption. The attack allows an active network adversary to infer sensitive information by observing variations in encrypted packet sizes.^[1][2]

VORACLE extends earlier compression-based attacks such as CRIME and BREACH, which targeted TLS and HTTP compression respectively, by applying similar techniques at the VPN tunnel layer.^[3]

Compression-oracle attacks rely on the observation that compression algorithms produce shorter output when redundant data is present. If an attacker can influence plaintext that is compressed together with secret values and observe resulting ciphertext lengths, the attacker may infer the secret through adaptive queries.^[1]

Earlier attacks such as CRIME and BREACH demonstrated this technique against web traffic. In response, TLS and HTTP compression were widely disabled. However, compression remained enabled in some VPN implementations, creating a residual attack surface.^[4]

The VORACLE attack targets VPN configurations in which user traffic is compressed before encryption. An attacker who can inject or influence victim traffic and observe encrypted packet sizes can perform adaptive length analysis to infer secrets that share a compression context with attacker-controlled data.^[1]

Unlike CRIME and BREACH, which operate at higher protocol layers, VORACLE operates below the transport layer, allowing it to bypass mitigations that disable compression in TLS or HTTP.^[5]

The vulnerability does not depend on a specific encryption algorithm but arises from the interaction between compression and encryption.^[6]

VORACLE affects VPN setups that enable compression within encrypted tunnels, including configurations using OpenVPN and other tunneling protocols that compress plaintext prior to encryption.^[7]

The primary mitigation for the VORACLE attack is to disable compression in VPN tunnels, mirroring the mitigations adopted for earlier compression-oracle attacks.^[7]

Following public disclosure, multiple VPN providers acknowledged the vulnerability and disabled compression in affected configurations.^[7]

VPN providers including Proton VPN,^[8] ExpressVPN,^[9] NordVPN,^[10] AirVPN,^[11] TorGuard,^[12] SAP,^[13] and McAfee^[14] published public statements describing the attack and confirming configuration changes to mitigate compression-oracle risks.

• Compression oracle attack
• Side-channel attack