Bicycle attack - Definition from theHotspot Shield Glossary

This is a method of attack that is also known as a TLS Bicycle attack and is used to discover a user’s password length. The attack is specifically perpetrated against packets of data transmitted using SSL and HTTPS protocols.

While the actual password combination will remain unknown, knowing the length of the password can drastically increase an attacker’s chance of successful breaking it - It greatly reduces the possible number of variations that the password could be. The attack exploits HTTP headers and their redundancy and uses this to reveal the length of a component of data such as a password or other forms of authentication. The term Bicycle Attack was first used by Guido Vranken and is used as a reference to receiving a Bicycle as a present - Although the bicycle may be wrapped up, it is still clear that it is a bicycle as the shape can easily be identified.