Description: Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
sweet32 triple-des blowfish birthday birthday attack tls https v (1)
Cryptographic protocols like TLS , SSH , IPsec , and OpenVPN commonly use block cipher algorithms, such as AES, Triple-DES, and Blowfish, to encrypt data between clients and servers. To use such algorithms, the data is broken into fixed-length chunks, called blocks, and each block is encrypted separately according to a mode of operation . Older block ciphers, such as Triple-DES and Blowfish use a block size of 64 bits, whereas AES uses a block size of 128 bits.
It is well-known in the cryptographic community that a short block size makes a block cipher vulnerable to birthday attacks , even if there are no cryptographic attacks against the block cipher itself. We observe that such attacks have now become practical for the common usage of 64-bit block ciphers in popular protocols like TLS and OpenVPN. Still, such ciphers are widely enabled on the Internet. Blowfish is currently the default cipher in OpenVPN, and Triple-DES is supported by nearly all HTTPS web server
We show that a network attacker who can monitor a long-lived Triple-DES HTTPS connection between a web browser and a website can recover secure HTTP cookies by capturing around 785 GB of traffic. In our proof-of-concept demo, this attack currently takes less than two days, using malicious Javascript to generate traffic. Keeping a web connection alive for two days may not seem very practical, but it worked easily in the lab. In terms of computational complexity, this attack is comparable to the recent attack
Applied Crypto Hardening: bettercrypto.org
Mundo Tecnológico – Blog sobre Segurança da Informação e Tecnologia -Diego Piffaretti
Website Security Checker | Malware Scan | Sucuri SiteCheck
Crypto Cheatsheet