Researchers with France's INRIA are warning that 64-bit ciphers – which endure in TLS configurations and OpenVPN – need to go for the walk behind the shed.
The research institute's Karthikeyan Bhargavan and Gaëtan Leurent have demonstrated that a man-in-the-middle on a long-lived encrypted session can gather enough data for a "birthday attack" on Blowfish and triple DES encryption. They dubbed the attack "Sweet32".
Sophos' Paul Ducklin has a handy explanation of why it matters here.
The trick to Sweet32, the Duck writes, is that the attackers worked out that with a big enough traffic sample, any repeated crypto block gives them a start towards breaking the encryption – and collisions are manageably common with a 64-bit block cipher like Blowfish or Triple-DES.
They call it a "birthday attack" because it works on a similar principle to what's known as the "birthday paradox" – the counter-intuitive statistic that with 23 random people in a room, there's a 50 per cent chance that two of them will share a birthday.
In the case of Sweet32 (the 32 being 50 per cent of the 64 bits in a cipher), the "magic number" is pretty big: the authors write that 785 GB of captured traffic will, under the right conditions, yield up the encrypted HTTP cookie and let them decrypt Blowfish- or Triple-DES-encrypted traffic.
[...] "Our attacks impact a majority of OpenVPN connections and an estimated 0.6% of HTTPS connections to popular websites. We expect that our attacks also impact a number of SSH and IPsec connections, but we do not have concrete measurements for these protocols" (emphasis added).
(Score: 1, Insightful) by Anonymous Coward on Wednesday August 31 2016, @03:59PM
Yes, this. IIRC openvpn defaults to key renegotiation every hour. If you have a connection capable of passing 785 GB in an hour, then you better change the renegotiation setting (can be set to seconds, bytes or packets) or use an algo with a larger block size. Or maybe both, because it's unlikely a larger block size will affect you negatively. If you're a home user living in an internet backwater like the SF Bay Area and only get ~100KB upstream, you probably don't need to worry too much (not that I'm bitter, oh wait, I am bitter!)
(Score: 3, Funny) by bob_super on Wednesday August 31 2016, @04:55PM
New Verizon marketing : "Our new plans have been tailored to guarantee your safety from Sweet32 attacks*"
*: You get half the data allocation of the previous plan, for $10/month more
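The birthday arithmetic from the article and the rekey-limit point from the first comment, worked through as an added example that is not part of the original article or thread. It uses the standard birthday approximation and assumes 1 GB = 10^9 bytes and 100 KB/s = 10^5 bytes/s; all function names are hypothetical.

```python
import math

def collision_probability(n_items: int, space_size: int) -> float:
    """Birthday approximation: chance of at least one repeat among
    n_items uniform draws from space_size possible values."""
    return -math.expm1(-n_items * (n_items - 1) / (2 * space_size))

def block_collision_probability(n_bytes: int, block_bits: int = 64) -> float:
    """Chance that some ciphertext block repeats in n_bytes under one key."""
    return collision_probability(n_bytes // (block_bits // 8), 2 ** block_bits)

def expected_collisions(n_bytes: int, block_bits: int = 64) -> float:
    """Expected number of repeated-block pairs in n_bytes under one key."""
    n = n_bytes // (block_bits // 8)
    return n * (n - 1) / (2 * 2 ** block_bits)

def max_bytes_per_key(target_probability: float, block_bits: int = 64) -> int:
    """Data budget per key that keeps the collision chance at or below
    target_probability; rekey before this much traffic has passed."""
    blocks = math.sqrt(2 * 2 ** block_bits * -math.log1p(-target_probability))
    return int(blocks) * (block_bits // 8)

def seconds_to_send(n_bytes: int, bytes_per_second: float) -> float:
    """How long a link running flat out needs to move n_bytes."""
    return n_bytes / bytes_per_second

if __name__ == "__main__":
    GB = 10 ** 9  # assumption: decimal gigabytes
    print(f"23 people, 365 days: {collision_probability(23, 365):.3f}")
    print(f"2^32 blocks (64-bit): {block_collision_probability(2**32 * 8):.3f}")
    print(f"collisions in 785 GB: {expected_collisions(785 * GB):.0f}")
    for bits in (64, 128):
        budget = max_bytes_per_key(0.5, bits)
        print(f"{bits}-bit block, 50% budget: {budget / GB:.3g} GB")
    # Constructed link rates: the comment's ~100 KB/s and a 1 Gbit/s line.
    for label, rate in (("100 KB/s", 1e5), ("1 Gbit/s", 1.25e8)):
        days = seconds_to_send(785 * GB, rate) / 86400
        print(f"785 GB at {label}: {days:.2f} days")
```

Comparing `max_bytes_per_key` with what a link can move inside one renegotiation interval shows whether a time-based rekey alone keeps a 64-bit cipher under the chosen collision budget.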