It is currently 15-12-2017 15:16

SWEET32 attack on ciphers 3DES and Blowfish can be used to decrypt cookies

SWEET32 attack on ciphers 3DES and Blowfish can be used to decrypt cookies

by sigismund » 2016-08-25 12:28:50


the Researchers will officially launch the attack next month.


In recent years more and more browsers refuse to use the stream cipher RC4. It seems that soon the same fate will befall Triple-DES (3DES) and Blowfish, the researchers Gaetan Laurent (Gaetan Leurent and Karthikeyan Bhargavan (Karthikeyan Bhargavan).

At the conference ACM Conference on Computer and Communications Security, which next month will take place in Austria, the experts will present the attack SWEET32 on 64-bit ciphers. According to them, it can help to obtain authentication cookies from the traffic is encrypted using 3DES and transmitted over HTTPS. In addition, the attack allows you to recover usernames and passwords from traffic via OpenVPN and encrypted using Blowfish.

SWEET32 is an attack collision search for ciphers in CBC mode (cipher-block chaining using the feedback mechanism). As explained by experts, such 64-bit ciphers like 3DES and Blowfish are still supported in TLS, IPsec, SSH, and other protocols. According to Laurent, browsers are not abandoning 3DES and just waiting for the code going to be used. Currently SWEET32 is not a common attack, but developers and enterprises have to deal with them the same way as with RC4, experts believe.
sigismund
moderators
Сообщений: 788
Депозит: 0 BTC

Rating: 5