Versions Compared

Old Version 2

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Add_workflow_for_techpubs
AUTH1bgoswami
REV5bgoswami
REV6bgoswami
REV3bgoswami
REV1bgoswami

Panel

In this section:

Table of Contents
maxLevel4

...

The Sweet32 attack is a birthday attack on 64-bit block ciphers in TLS and OpenVPN. The cryptographic protocol like TLS commonly uses block cipher algorithms, such as Advanced Encryption System (AES) or Triple Data Encryption Algorithm (Triple-DES), to encrypt data between clients and servers. These algorithms are implemented by dividing the data into fixed-length chunks, called blocks. Each block is encrypted separately according to a mode of operation.

...

In a simple birthday attack against CBC: after 2n/2 message blocks encrypted with the same key (in the same message or in different messages), a collision between two ciphertext blocks is expected. A collision in the output means that the inputs are the same divulging secret information.Using malicious Javascript, a network attacker can monitor a long-lived Triple-DES HTTPS connection between a web browser and a website. The attacker can recover the secure HTTP cookies by capturing around 785 GB of traffic in less than two days.

Precaution Against Sweet32 Attack

To secure the confidential information from this critical SWEET32 birthday attack vulnerability, it is crucial to stop using the legacy 64-bit block ciphers and is highly recommended that the Web servers must be configured to the preferred 128-bit ciphers. Thus, these weak ciphers such as RC4, DES, 3DES, and so on must be disabled in the SSL configuration and strong ciphers such as AES must be enabled for security.

...

iconfalse
titleNote

...

.

Pagebreak