
posted by janrinok on Wednesday August 31 2016, @01:46PM
from the 64-bits-should-be-enough-for-anyone dept.

Researchers with France's INRIA are warning that 64-bit ciphers – which endure in TLS configurations and OpenVPN – need to go for the walk behind the shed.

The research institute's Karthikeyan Bhargavan and Gaëtan Leurent have demonstrated that a man-in-the-middle on a long-lived encrypted session can gather enough data for a "birthday attack" on Blowfish and triple DES encryption. They dubbed the attack "Sweet32".

Sophos' Paul Ducklin has a handy explanation of why it matters here.

The trick to Sweet32, the Duck writes, is the attackers worked out that with a big enough traffic sample, any repeated crypto block gives them a start towards breaking the encryption – and collisions are manageably common with a 64-bit block cipher like Blowfish or Triple-DES.

They call it a "birthday attack" because it works on a similar principle to what's known as the "birthday paradox" – the counter-intuitive statistic that with 23 random people in a room, there's a 50 per cent chance that two of them will share a birthday.

In the case of Sweet32 (the 32 being 50 per cent of the 64 bits in a cipher), the "magic number" is pretty big: the authors write that 785 GB of captured traffic will, under the right conditions, yield up the encrypted HTTP cookie and let them decrypt Blowfish- or Triple-DES-encrypted traffic.

[...] "Our attacks impact a majority of OpenVPN connections and an estimated 0.6% of HTTPS connections to popular websites. We expect that our attacks also impact a number of SSH and IPsec connections, but we do not have concrete measurements for these protocols" (emphasis added).
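The birthday reasoning above can be made concrete with a few lines of arithmetic. The following Python is an added example, not code from the article, from the INRIA authors or from Sophos. It computes the probability that at least two ciphertext blocks repeat after a given amount of data under one key, the data volume at which a chosen probability is reached, and a simple operator-side check for when a long-lived session should renegotiate its key. The 64- and 128-bit block sizes are the real ones for Blowfish/Triple-DES and AES; the `1e-6` rekey tolerance is an arbitrary value chosen for illustration.

```python
import math

# Block sizes (in bits) of the ciphers under discussion. Blowfish and Triple-DES
# have 64-bit blocks, which is what Sweet32 exploits; AES has 128-bit blocks.
BLOCK_BITS = {"blowfish": 64, "3des": 64, "aes": 128}


def collision_probability(num_blocks: int, block_bits: int) -> float:
    """Probability that at least two of num_blocks ciphertext blocks are identical.

    Birthday approximation for n items drawn from a space of 2^b values:
        p ~= 1 - exp(-n^2 / (2 * 2^b))
    expm1 keeps precision when p is tiny (the 128-bit case).
    """
    space = 2.0 ** block_bits
    return -math.expm1(-(num_blocks ** 2) / (2.0 * space))


def blocks_for_probability(p: float, block_bits: int) -> int:
    """Smallest number of blocks at which the collision probability reaches p.

    Inverts the approximation above: n ~= sqrt(2 * 2^b * ln(1 / (1 - p))).
    """
    if not 0.0 < p < 1.0:
        raise ValueError("p must be strictly between 0 and 1")
    space = 2.0 ** block_bits
    return math.ceil(math.sqrt(2.0 * space * math.log(1.0 / (1.0 - p))))


def bytes_for_probability(p: float, block_bits: int) -> int:
    """Same threshold expressed in bytes of ciphertext (one block is block_bits/8 bytes)."""
    return blocks_for_probability(p, block_bits) * (block_bits // 8)


def session_collision_probability(bytes_sent: int, block_bits: int) -> float:
    """Collision probability for a session that has encrypted bytes_sent bytes under one key."""
    return collision_probability(bytes_sent // (block_bits // 8), block_bits)


def rekey_recommended(bytes_sent: int, block_bits: int, max_probability: float = 1e-6) -> bool:
    """Operator-side check: has this session carried enough data under one key that the
    chance of a repeated ciphertext block exceeds the tolerated bound? If so, renegotiate.
    The default bound is an illustrative assumption, not a figure from the research."""
    return session_collision_probability(bytes_sent, block_bits) > max_probability


def gib(n_bytes: float) -> float:
    """Convert a byte count to GiB for display."""
    return n_bytes / 2 ** 30


if __name__ == "__main__":
    for name, bits in BLOCK_BITS.items():
        half = bytes_for_probability(0.5, bits)
        budget = bytes_for_probability(1e-6, bits)
        print(f"{name:9s} block={bits:3d} bits  50% collision after ~{gib(half):.3e} GiB, "
              f"1e-6 collision budget ~{gib(budget):.3e} GiB")
    # A long-lived 64-bit-block session: 4 GiB already carries a ~0.8% collision
    # chance, 32 GiB about 39%.
    for sent in (4 * 2 ** 30, 32 * 2 ** 30):
        p = session_collision_probability(sent, 64)
        print(f"64-bit block, {gib(sent):.0f} GiB under one key: p(collision)={p:.4f}, "
              f"rekey={rekey_recommended(sent, 64)}")
```

Running it shows the gap the story is about: with 64-bit blocks the 50% point for a single repeated block is roughly 2^32 blocks, about 38 GiB, and the illustrative one-in-a-million budget is exhausted after well under 50 MiB, whereas a 128-bit block cipher needs on the order of 10^11 GiB to reach the same odds. The article's 785 GB figure is larger than the bare 50% point because the full attack needs a collision involving a particular block (the cookie), not just any repeated pair.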


  • (Score: 0) by Anonymous Coward on Wednesday August 31 2016, @02:08PM (#395685)

    You had me just until "64-bit cyphers"... why are we still using these ridiculously small amounts of bits?

  • (Score: 2) by EvilSS (1456) on Wednesday August 31 2016, @02:19PM (#395691)

    Complacency. People either don't know because the system it's in is a black box to them (either due to design or their own ignorance of them), or they take the "If it ain't broke, don't fix it" stand and because their users can still get it, it's obviously not broke so why take any risk in upgrading/replacing it (or spend any money on it). Eventually people doing this end up in a clusterfuck emergency when it does break or gets compromised but they will turn around after that and keep on with their same complacent attitudes, plodding headlong into the next emergency.

    • (Score: 0) by Anonymous Coward on Wednesday August 31 2016, @03:48PM (#395716)

      I find it even more telling because the designers of Blowfish and 3DES have said to use their more secure successors.

      But part of the problem is that people don't really understand cryptography, so what they will do is use their favorite search engine and follow the instructions there, and if the instructions are insecure, then they will use insecure options. The other one is where the software uses insecure defaults, for an every-person configuration, and people don't tighten them down because they don't understand that they need to, because the software works and there aren't any hints in the instructions.

  • (Score: 2, Interesting) by Anonymous Coward on Wednesday August 31 2016, @02:22PM (#395693)

    Actually, the better question is why the key remains the same over such long times. I mean, it cannot be hard to re-negotiate a new session key every few gigabytes, can it?

    I mean, I'm forced to change my password in regular intervals, so the idea of regularly changing security tokens is not exactly a revolutionary idea.

  • (Score: 2) by Kromagv0 (1825) on Wednesday August 31 2016, @06:55PM (#395799)

    In the example BLOWFISH isn't a 64 bit cypher in that the key is 64 bits (it is actually 488 bits), but the block size is 64 bits. Similar with 3DES, which has an effective key length (IIRC) of 112 but again has a block size of 64 bits. There really isn't anything special about this given that years ago the GPG FAQ [gnupg.org] recommended against using BLOWFISH and 3DES when encrypting more than 4GB because of the potential collision problem.

    --
    T-Shirts and bumper stickers [zazzle.com] to offend someone