SoylentNews is people

posted by janrinok on Wednesday August 31 2016, @01:46PM
from the 64-bits-should-be-enough-for-anyone dept.

Researchers with France's INRIA are warning that 64-bit ciphers – which endure in TLS configurations and OpenVPN – need to go for the walk behind the shed.

The research institute's Karthikeyan Bhargavan and Gaëtan Leurent have demonstrated that a man-in-the-middle on a long-lived encrypted session can gather enough data for a "birthday attack" on Blowfish and triple DES encryption. They dubbed the attack "Sweet32".

Sophos' Paul Ducklin has a handy explanation of why it matters here.

The trick to Sweet32, the Duck writes, is the attackers worked out that with a big enough traffic sample, any repeated crypto block gives them a start towards breaking the encryption – and collisions are manageably common with a 64-bit block cipher like Blowfish or Triple-DES.

They call it a "birthday attack" because it works on a similar principle to what's known as the "birthday paradox" – the counter-intuitive statistic that with 23 random people in a room, there's a 50 per cent chance that two of them will share a birthday.

In the case of Sweet32 (the 32 being 50 per cent of the 64 bits in a cipher), the "magic number" is pretty big: the authors write that 785 GB of captured traffic will, under the right conditions, yield up the encrypted HTTP cookie and let them decrypt Blowfish- or Triple-DES-encrypted traffic.

[...] "Our attacks impact a majority of OpenVPN connections and an estimated 0.6% of HTTPS connections to popular websites. We expect that our attacks also impact a number of SSH and IPsec connections, but we do not have concrete measurements for these protocols" (emphasis added).
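An added illustration (not from the article or the Sweet32 authors) of the birthday estimate behind the figures above and of what a repeated ciphertext block reveals, assuming CBC mode, which the summary does not name. The 16-bit shuffled-table cipher, the random plaintext and all function names are constructed for the example.

```python
import math
import random

def collision_probability(data_bytes, block_bits):
    """Birthday estimate: chance that two ciphertext blocks repeat under one key."""
    q = data_bytes / (block_bits // 8)          # blocks encrypted under the key
    return -math.expm1(-q * (q - 1) / 2 ** (block_bits + 1))

def bytes_until(probability, block_bits):
    """Traffic volume under one key at which the collision chance reaches `probability`."""
    q = math.sqrt(2 ** (block_bits + 1) * -math.log1p(-probability))
    return q * (block_bits // 8)

def cbc_encrypt(perm, iv, blocks):
    """CBC mode over a toy block cipher supplied as a lookup table."""
    out, prev = [], iv
    for p in blocks:
        prev = perm[p ^ prev]
        out.append(prev)
    return out

def collision_leaks(block_bits=16, n_blocks=2000, seed=1):
    """Return (value computed from ciphertext only, true p_i XOR p_j) per collision."""
    rng = random.Random(seed)
    perm = list(range(2 ** block_bits))
    rng.shuffle(perm)                           # constructed stand-in for a keyed cipher
    iv = rng.randrange(2 ** block_bits)
    plain = [rng.randrange(2 ** block_bits) for _ in range(n_blocks)]  # constructed data
    cipher = cbc_encrypt(perm, iv, plain)
    first_seen, leaks = {}, []
    for i, c in enumerate(cipher):
        j = first_seen.setdefault(c, i)
        if j != i:
            # c_i == c_j implies p_i ^ c_(i-1) == p_j ^ c_(j-1)
            prev_i = cipher[i - 1]
            prev_j = cipher[j - 1] if j else iv
            leaks.append((prev_i ^ prev_j, plain[i] ^ plain[j]))
    return leaks

if __name__ == "__main__":
    leaks = collision_leaks()
    print(len(leaks), "collisions, all consistent:", all(a == b for a, b in leaks))
    for bits in (64, 128):
        print(bits, "bit blocks: P(collision in 785 GB) =",
              collision_probability(785e9, bits),
              "| 50% point:", round(bytes_until(0.5, bits) / 1e9, 1), "GB")
```

For 64-bit blocks the 50 per cent point for a first collision is about 40 GB under one key, which is the quantity a per-key rekey limit bounds.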


  • (Score: 1, Insightful) by Anonymous Coward on Wednesday August 31 2016, @03:59PM (#395717)

    Yes, this. IIRC OpenVPN defaults to key renegotiation every hour. If you have a connection capable of passing 785 GB in an hour, then you better change the renegotiation setting (can be set to seconds, bytes or packets) or use an algo with a larger block size. Or maybe both, because it's unlikely a larger block size will affect you negatively. If you're a home user living in an internet backwater like the SF Bay Area and only get ~100KB upstream, you probably don't need to worry too much (not that I'm bitter, oh wait, I am bitter!)

  • (Score: 3, Funny) by bob_super (1357) on Wednesday August 31 2016, @04:55PM (#395739)

    New Verizon marketing : "Our new plans have been tailored to guarantee your safety from Sweet32 attacks*"
    *: You get half the data allocation of the previous plan, for $10/month more