Draft:VORACLE
Compression-oracle attack targeting VPN traffic
From Wikipedia, the free encyclopedia
 | Review waiting, please be patient.
This may take 7 weeks or more, since drafts are reviewed in no specific order. There are 2,875 pending submissions waiting for review.
Where to get help
How to improve a draft
You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Editor resources
Reviewer tools
|
Submission declined on 28 January 2026 by AllWeKnowOfHeaven (talk).
Where to get help
How to improve a draft
You can also browse Wikipedia:Featured articles and Wikipedia:Good articles to find examples of Wikipedia's best writing on topics similar to your proposed article. Improving your odds of a speedy review To improve your odds of a faster review, tag your draft with relevant WikiProject tags using the button below. This will let reviewers know a new draft has been submitted in their area of interest. For instance, if you wrote about a female astronomer, you would want to add the Biography, Astronomy, and Women scientists tags. Editor resources
This draft has been resubmitted and is currently awaiting re-review. |  |
VORACLE
The VORACLE (short for VPN ORACLE) is a class of compression oracle attacks against virtual private network (VPN) traffic that exploit the use of data compression prior to encryption. According to published research, an active network adversary can infer sensitive information by observing variations in encrypted packet sizes.[1][2]
VORACLE applies techniques similar to earlier compression-based attacks such as CRIME and BREACH, which targeted TLS and HTTP compression respectively, but at the VPN tunnel layer.[3]
Background
Compression-oracle attacks rely on the observation that compression algorithms produce shorter output when redundant data is present. If an attacker can influence plaintext that is compressed together with secret values and observe resulting ciphertext lengths, the attacker may infer the secret through adaptive queries.[1]
Attacks such as CRIME and BREACH demonstrated this technique against web traffic. As a result, TLS and HTTP compression were widely disabled. However, compression remained enabled in some VPN implementations, which researchers identified as a potential residual attack surface.[4]
Attack description
The VORACLE technique targets VPN configurations in which user traffic is compressed before encryption. In such configurations, an attacker who can inject or influence victim traffic and observe encrypted packet sizes may be able to perform adaptive length analysis to infer data that share a compression context with attacker-controlled input.[1]
Whereas CRIME and BREACH operate at higher protocol layers, VORACLE operates at the VPN layer, and therefore is not mitigated by disabling compression in TLS or HTTP alone.[5]
The issue is independent of the specific encryption algorithm used and arises from the interaction between compression and encryption.[6]
Affected systems
Mitigation
The mitigation recommended by researchers and vendors is to disable compression in VPN tunnels, consistent with the approach previously taken for TLS and HTTP compression-oracle attacks.[7]
- promotional language: see Words to watch;
- personal commentary: opinions or direct addresses to the reader;
- informal language.
Instead, only summarize in your own words a range of independent, reliable, published sources that discuss the subject.