Would you say that the BREACH attack has low complexity even after considering all the required conditions for it to be successful?
- Server with gzip/deflate enabled.
- Responses which contain part of the request (reflected text).
- A victim’s response containing a secret (token, cookie, etc…)
- Around 1000 additional requests to the server in order to decrypt the victim’s response.