Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
The Internet Encryption Security IT

New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish (threatpost.com) 53

Researchers "have devised a new way to decrypt secret cookies which could leave your passwords vulnerable to theft," reports Digital Trends. Slashdot reader msm1267 writes: New attacks revealed today against 64-bit block ciphers push cryptographic ciphers such as Triple-DES (3DES) and Blowfish closer to extinction. The attacks, known as SWEET32, allow for the recovery of authentication cookies from HTTPS traffic protected by 3DES, and BasicAUTH credentials from OpenVPN traffic protected by default by Blowfish.

In response, OpenSSL is expected to remove 3DES from its default bulid in 1.1.0, and lower its designation from High to Medium 1.0.2 and 1.0.1. OpenVPN, meanwhile, is expected to release a new version as well with a warning about Blowfish and new configuration advice protecting against the SWEET32 attacks. The researchers behind SWEET32 said this is a practical attack because collisions begin after a relatively short amount of data is introduced. By luring a victim to a malicious site, the attacker can inject JavaScript into the browser that forces the victim to connect over and over to a site they're authenticated to. The attacker can then collect enough of that traffic -- from a connection that is kept alive for a long period of time -- to recover the session cookie.

This discussion has been archived. No new comments can be posted.

New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish

Comments Filter:
  • by Anonymous Coward

    Wake me up when SWEET64 is available.

  • from what i read here, this seems 'practical' only if victim is very stupid and has no common sense practical ability, committing several silly mistakes in succession, from being lured to a fake sites to having full tracking and scripting enabled for all sites etc.

    of course, with people like hillary clinton around, who fit that description, this is useful.
    too bad being stupid and incompetent seems not to stop the careers( or have any consequence) of establishment elites no matter how many times they are ex

  • attacker can inject JavaScript into the browser that forces the victim to connect over and over to a site they're authenticated to

    Mass disconnecting has already been invented, it's called Comcast.

  • How will this affect bcrypt? Will the algo need to be redesigned?

  • What is this, 2004?
  • "The exploit, dubbed ‘Sweet32’, isn’t easy to carry out, however. It involves mining hundreds of gigabytes of data, and targeting specific users who have accessed a malicious website which saddled them with a bit of malware" ref [digitaltrends.com]
  • First, DES is 56 bit (near enough 60). Triple DES as per first mode (the authorised standard) is 168 bits. The article fails to distinguish, implying the authors are just a little bit naff. 3DES seems to be quite safe, as long as not used in DES emulation mode. And who the hell emulates a mode that was broken in the 80s?

    Second, Blowfish was replaced by TwoFish, ThreeFish and Speck. Skein, an entrant to the DES3 challenge, makes use of ThreeFish.

    Third, the Wikipedia page states it has been known for a long t

    • by Anonymous Coward

      Those are not the bit-numbers that are relevant to Sweet32. It's not about the size of the key(s), which are: 56-bit for DES, 168-bit in theory for 3DES (but actually 112-bit effectively, due to the ancient meet-in-the-middle attacks on 3DES). The problem here is the block size of the cipher in CBC mode. All DES-variants and Blowfish use a 64-bit block size, whereas all AES variants (even AES256) use a 128-bit block size. It's the smaller 64-bit block size that subjects a symmetric cipher to a birthday

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...