New SWEET32 Crypto Attacks Speed Up Deprecation of 3DES, Blowfish (threatpost.com)
Researchers "have devised a new way to decrypt secret cookies which could leave your passwords vulnerable to theft," reports Digital Trends. Slashdot reader msm1267 writes: New attacks revealed today against 64-bit block ciphers push cryptographic ciphers such as Triple-DES (3DES) and Blowfish closer to extinction. The attacks, known as SWEET32, allow for the recovery of authentication cookies from HTTPS traffic protected by 3DES, and BasicAUTH credentials from OpenVPN traffic protected by default by Blowfish.
In response, OpenSSL is expected to remove 3DES from its default build in 1.1.0, and lower its designation from High to Medium in 1.0.2 and 1.0.1. OpenVPN, meanwhile, is expected to release a new version as well with a warning about Blowfish and new configuration advice protecting against the SWEET32 attacks. The researchers behind SWEET32 said this is a practical attack because collisions begin after a relatively short amount of data is introduced. By luring a victim to a malicious site, the attacker can inject JavaScript into the browser that forces the victim to connect over and over to a site they're authenticated to. The attacker can then collect enough of that traffic -- from a connection that is kept alive for a long period of time -- to recover the session cookie.
What? No 64 bit? (Score:1)
Wake me up when SWEET64 is available.
Re: (Score:2)
AES is symmetrically keyed.
How do you propose the key be sent out-of-band for web browsers?
--
BMO
Re: (Score:1)
You sound a little alarmist. Specifically, I have no faith that browsers are inherently secure, given the unending series of flaws against them, so I find the idea that browsers must be updated to be pretty compelling. That being said, what do you think of Pale Moon? And do any of the chromium forks strike you as secure? Those strip out most of the botnet behavior of Chrome and Chromium.
I find the claims that open source is deliberately compromised to be not-very-compelling. My reasoning is thus: A sys
Re: (Score:1)
If Ubisoft or Steam or similar are compromised you will just not use that site any more.
The whole point is to protect yourself from compromised sites, when you don't know they're compromised. If nobody went to compromised sites anyway, security wouldn't be the big deal it has to be today. These announcements are not being made to protect "l33t gamer in mom's basement", they are being made to discuss with software vendors of web clients and servers how to make *mom* safer. And grandma. And all the other people you won't talk to because they're just so stupid.
Re: (Score:2)
I do not shop online with an unlimited credit card. I put money into the card account in order to make that purchase. I also live about 1/2 kilometer (just under a half mile) to a local bank branch, in which I withdraw my weekly need of cash.
There is a negative aspect to my way of doing things. I have no credit history to speak of, except for my bank which knows me. I was able to get a very low cost mortgage, when I needed it, but it took some work to get the credit rating companies to do their work and l
Re: (Score:2)
Wait... are you saying that AES can't be used in place of 3DES and Blowfish because it's a symmetric-key algorithm, or am I misunderstanding you? Because 3DES and Blowfish are also symmetric-key ciphers.
Re: (Score:2)
I thought the whole point of asymmetric keys is that you can send the "encode" key in band and keep the secret "decode" key yourself.
If you're exchanging symmetric keys over IP wouldn't someone in the middle be able to sniff it out?
>if 3DES and Blowfish are symmetric, and they are used over the Internet, someone must have figured out how to exchange the key that I don't know about.
>off to quick research
>find out about diffie-hellman key exchange of symmetric keys
I know far too little about cryptogr
Re: (Score:2)
I thought the whole point of asymmetric keys is that you can send the "encode" key in band and keep the secret "decode" key yourself.
Yes, but asymmetric encryption is slow, because you need about 5 - 10 times the key size to get the same level of security, and the algorithms are more complex. So in practice you only use it to encrypt a symmetric key, which you will use for the rest of the session.
Re: (Score:2)
The point is not to replace everything with AES but to use AES instead of weak ciphers like 3DES and RC4.
Re: (Score:2)
How do you propose the key be sent out-of-band for web browsers?
The same way that 3DES and Blowfish keys are sent currently.
Re: (Score:2)
Your suggestion to keep an incorrect clock is complete bullshit and achieves the opposite of what you claim. Most peoples' clocks are accurate within a few seconds of one another. If your clock is reasonably true, your timestamp gets lost in the noise among millions of other users who have the same timestamp. An accurate system clock is one less unique data point that can be used against you. If you intentionally skew your clock way off, you're much easier to track across different services because your com
"practical" if victim is stupid (Score:2)
from what i read here, this seems 'practical' only if victim is very stupid and has no common sense practical ability, committing several silly mistakes in succession, from being lured to a fake sites to having full tracking and scripting enabled for all sites etc.
of course, with people like hillary clinton around, who fit that description, this is useful.
too bad being stupid and incompetent seems not to stop the careers( or have any consequence) of establishment elites no matter how many times they are ex
Re: (Score:2)
So by your described metric, all of our non-technical families and friends are very stupid and have no common sense practical ability and it's their fault
no, your logic is faulty.
one or more of common sense actions like avoiding fake sites pretending to be others, and having widely used no tracking and no scripting extensions would prevent this 'attack' . all that does not require technical knowledge.
common sense competence and caution, which people like hillary clearly lack, is all that is required.
Re: (Score:2)
one or more of common sense actions like avoiding fake sites pretending to be others, and having widely used no tracking and no scripting extensions would prevent this 'attack' . all that does not require technical knowledge.
No, you're mistaken. Much of the web doesn't work without some amount of scripting and cookies. Now, I run those scripting and tracking blockers. However, it's quite a game to get some sites working, knowing which scripts I have to enable. That is far beyond the expertise of plenty of s
Re: (Score:2)
you are free to dig yourself into a hole by using faulty logic.
it is irrational to claim that exercising basic common sense and caution requires technical knowhow.
as usage stats indicate, billions of people have what is required to use no tracking and no scripting extensions. same with not being lured in to fake sites and easy to use white listing of authentic sites when needed.
all it takes to be safe from this 'attack' is common sense and caution at any point of its requirements for success
as i said from fir
Re: (Score:2)
since you have made the same point as another please refer to my reply to that in sibling thread.
Prior art (Score:1)
Mass disconnecting has already been invented, it's called Comcast.
I sort of wonder (Score:2)
How will this affect bcrypt? Will the algo need to be redesigned?
3DES? Blowfish? (Score:2)
Re: (Score:2)
As far as I know 128-bit blowfish is the default cipher in openvpn, which is widely used. I'm trying to determine how to harden my openvpn network and change ciphers, probably to AES I suppose.
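For the OpenVPN hardening question above, an added configuration fragment (written here, not taken from the OpenVPN project or from the thread) showing the 64-bit-block default beside a 128-bit-block replacement. It assumes an OpenVPN 2.3-era setup where `cipher` must match on server and every client; the `reneg-bytes` line is the kind of rekey limit the advisory's "new configuration advice" is about and is included as a stop-gap for peers that cannot change cipher yet.

```conf
; Weak: Blowfish in CBC mode, the OpenVPN default at the time, is a
; 64-bit block cipher, so a long-lived session is exposed to SWEET32.
; cipher BF-CBC

; Hardened: AES has a 128-bit block. In OpenVPN 2.3 the data-channel
; cipher is not negotiated, so put the same line in server and client
; configs. On OpenVPN 2.4 or later AES-256-GCM is the better choice.
cipher AES-256-CBC
auth SHA256

; Stop-gap while any 64-bit cipher remains in use: renegotiate the
; data-channel key after 64 MB, far below the roughly 32 GB that a
; 64-bit block cipher needs before ciphertext collisions become likely.
reneg-bytes 64000000
```

After the change, `openvpn --show-ciphers` lists the names accepted by the local build; a peer still running `cipher BF-CBC` will fail to decrypt data-channel packets rather than silently fall back.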
Re: (Score:2)
I've actually distrusted 3DES since the first Bush administration...
Microsoft Windows strikes again .. (Score:2)
A few obvious corrections (Score:2)
First, DES is 56 bit (near enough 60). Triple DES as per first mode (the authorised standard) is 168 bits. The article fails to distinguish, implying the authors are just a little bit naff. 3DES seems to be quite safe, as long as not used in DES emulation mode. And who the hell emulates a mode that was broken in the 80s?
Second, Blowfish was replaced by TwoFish, ThreeFish and Speck. Skein, an entrant to the DES3 challenge, makes use of ThreeFish.
Third, the Wikipedia page states it has been known for a long t
Re: (Score:1)
Those are not the bit-numbers that are relevant to Sweet32. It's not about the size of the key(s), which are: 56-bit for DES, 168-bit in theory for 3DES (but actually 112-bit effectively, due to the ancient meet-in-the-middle attacks on 3DES). The problem here is the block size of the cipher in CBC mode. All DES-variants and Blowfish use a 64-bit block size, whereas all AES variants (even AES256) use a 128-bit block size. It's the smaller 64-bit block size that subjects a symmetric cipher to a birthday
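The block-size point made in this comment, and the attack flow in the summary at the top (a script forcing many requests over one kept-alive CBC session, with the cookie in every request), as an added example written for this page rather than code from the SWEET32 researchers, OpenSSL or OpenVPN. Encrypting the 2**32 blocks (about 32 GiB) that real 3DES needs before a collision is too slow for a demonstration, so the cipher is a stand-in: a 4-round Feistel permutation on 24-bit blocks with a SHA-256 round function (assumption: only the block size matters for the birthday bound, which is true for any good permutation). The key, the traffic and the cookie value are constructed.

```python
"""Scaled-down SWEET32: recovering a secret CBC block from a ciphertext collision.

Added example, not code from the SWEET32 paper, OpenSSL or OpenVPN. The cipher
is a stand-in Feistel permutation; set BLOCK_BITS = 64 to model 3DES/Blowfish
(then the birthday bound is 2**32 blocks and the demo is no longer quick).
"""
import hashlib
import random

BLOCK_BITS = 24                        # 3DES and Blowfish: 64; AES: 128
HALF_BITS = BLOCK_BITS // 2
HALF_BYTES = (HALF_BITS + 7) // 8
HALF_MASK = (1 << HALF_BITS) - 1
BLOCK_MASK = (1 << BLOCK_BITS) - 1
ROUNDS = 4


def birthday_blocks(block_bits):
    """Blocks after which a CBC ciphertext collision becomes likely: 2**(n/2)."""
    return 1 << (block_bits // 2)


def birthday_bytes(block_bits):
    """Same bound in bytes of ciphertext under one key: 32 GiB for a 64-bit cipher."""
    return birthday_blocks(block_bits) * (block_bits // 8)


def _round(key, rnd, half):
    digest = hashlib.sha256(key + bytes([rnd]) + half.to_bytes(HALF_BYTES, "big")).digest()
    return int.from_bytes(digest[:HALF_BYTES], "big") & HALF_MASK


def encrypt_block(key, block):
    """Feistel network: always a permutation, so equal outputs imply equal inputs."""
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in range(ROUNDS):
        left, right = right, left ^ _round(key, rnd, right)
    return (left << HALF_BITS) | right


def decrypt_block(key, block):
    left, right = block >> HALF_BITS, block & HALF_MASK
    for rnd in reversed(range(ROUNDS)):
        left, right = right ^ _round(key, rnd, left), left
    return (left << HALF_BITS) | right


def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for p in blocks:
        prev = encrypt_block(key, p ^ prev)
        out.append(prev)
    return out


def recover_from_collision(ciphertext, iv, known, is_secret):
    """SWEET32 core: C_i == C_j  =>  P_i ^ C_{i-1} == P_j ^ C_{j-1}.

    known: block index -> plaintext the attacker chose or can predict.
    is_secret(index): whether that block carries the cookie.
    Returns (index, recovered plaintext) for the first usable collision, else None.
    """
    first_seen = {}
    for i, c in enumerate(ciphertext):
        j = first_seen.setdefault(c, i)
        if j == i:
            continue                                   # no collision yet
        for secret_idx, known_idx in ((i, j), (j, i)):
            if is_secret(secret_idx) and known_idx in known:
                prev_s = ciphertext[secret_idx - 1] if secret_idx else iv
                prev_k = ciphertext[known_idx - 1] if known_idx else iv
                return secret_idx, known[known_idx] ^ prev_s ^ prev_k
    return None


def simulate(secret, key=b"constructed demo key", seed=1, requests=1 << 16):
    """Model the attack setting: many requests over one long-lived CBC session,
    each one an attacker-known block (varying URL) followed by the fixed cookie.
    Returns (blocks observed, recovered cookie or None)."""
    rng = random.Random(seed)                          # constructed, deterministic traffic
    iv = rng.getrandbits(BLOCK_BITS)
    plaintext, known = [], {}
    for _ in range(requests):
        url_block = rng.getrandbits(BLOCK_BITS)
        known[len(plaintext)] = url_block              # attacker chose this block
        plaintext.append(url_block)
        plaintext.append(secret & BLOCK_MASK)          # cookie sits at odd indices
    ciphertext = cbc_encrypt(key, iv, plaintext)
    hit = recover_from_collision(ciphertext, iv, known, lambda idx: idx % 2 == 1)
    return len(ciphertext), (hit[1] if hit else None)


if __name__ == "__main__":
    print("64-bit cipher: collision likely after", birthday_blocks(64), "blocks,",
          birthday_bytes(64) // 2**30, "GiB under one key")
    n, got = simulate(0xC00C1E)
    print(f"{BLOCK_BITS}-bit stand-in: {n} blocks observed, recovered",
          hex(got) if got is not None else "nothing")
```

With 2**17 blocks of a 24-bit cipher the run sees on the order of 500 collisions, about half of which pair a known block with a cookie block, which is why the kept-alive connection matters: every rekey or new TLS session resets the count to zero, and AES with its 128-bit block pushes the same bound to 2**64 blocks.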