Overview

The Sweet32 attack is a birthday attack on 64-bit block ciphers as used in TLS and OpenVPN. Protocols such as TLS commonly encrypt data between clients and servers with block cipher algorithms such as the Advanced Encryption Standard (AES). These algorithms divide the data into fixed-length chunks, called blocks, and each block is encrypted according to a mode of operation. AES has a 128-bit block; the legacy ciphers affected by Sweet32, Triple DES (3DES) in TLS and Blowfish in OpenVPN, have a 64-bit block.

It has been proven that most modes of operation are secure only up to about 2^(n/2) blocks of plaintext (where n is the block size in bits), a limit commonly called the birthday bound. In Cipher Block Chaining (CBC) mode the probability of a collision between two ciphertext blocks becomes significant after 2^(n/2) blocks because of the birthday paradox. For a 64-bit block that is 2^32 blocks, or 32 GiB of data under a single key; for the 128-bit block of AES it is 2^64 blocks. A short block size therefore makes a block cipher vulnerable to birthday attacks even when there is no cryptanalytic attack on the cipher itself.

In a simple birthday attack against CBC: after 2^(n/2) message blocks encrypted under the same key (in the same message or across different messages), a collision between two ciphertext blocks, C_i = C_j, is expected. Because the block cipher is a permutation, equal outputs mean equal inputs, P_i XOR C_(i-1) = P_j XOR C_(j-1), so the attacker learns P_i XOR P_j = C_(i-1) XOR C_(j-1) from the ciphertext alone. If one of the two plaintext blocks is known (for example attacker-controlled content), the other, secret block is recovered directly.
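The collision argument above, worked through in code. This is an added example, not code from the original page or from the Sweet32 authors. To keep the run time short it uses a hypothetical 16-bit keyed random permutation in place of a real 64-bit cipher such as 3DES, so the expected collision arrives after roughly 2^8 = 256 blocks instead of 2^32; the CBC arithmetic and the XOR relation recovered from the collision are unchanged. The key, seed and block counts are assumptions chosen for the demo.

```python
"""Toy demonstration of the Sweet32 birthday collision in CBC mode.

Added example (not from the original page). The block cipher is a
hypothetical 16-bit keyed random permutation standing in for a 64-bit
cipher; only the block size is scaled down, the CBC relations are real.
"""
import random

BLOCK_BITS = 16                 # assumption: 16 bits instead of 64 for speed
BLOCK_SPACE = 1 << BLOCK_BITS


def birthday_bound_blocks(block_bits):
    """Blocks after which a CBC collision is expected: 2^(n/2)."""
    return 1 << (block_bits // 2)


class ToyBlockCipher:
    """Keyed random permutation over BLOCK_BITS-bit blocks (toy only)."""

    def __init__(self, key):
        table = list(range(BLOCK_SPACE))
        random.Random(key).shuffle(table)   # key selects the permutation
        self._enc = table

    def encrypt_block(self, block):
        return self._enc[block]


def cbc_encrypt(cipher, iv, plaintext_blocks):
    """CBC: C_0 = IV, C_i = E_K(P_i XOR C_{i-1}). Returns [C_0, ..., C_m]."""
    out = [iv]
    prev = iv
    for p in plaintext_blocks:
        c = cipher.encrypt_block(p ^ prev)
        out.append(c)
        prev = c
    return out


def first_collision(ciphertext_blocks):
    """Return (i, j), 1 <= i < j, of the first repeated ciphertext block.

    Index 0 is the IV, not a cipher output, so it is skipped.
    """
    seen = {}
    for j in range(1, len(ciphertext_blocks)):
        c = ciphertext_blocks[j]
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None


def sweet32_demo(key=0x5EED, seed=32, max_blocks=BLOCK_SPACE + 1):
    """Encrypt random blocks until two ciphertext blocks collide, then
    recover the secret plaintext block P_j from the known block P_i."""
    rng = random.Random(seed)               # assumption: fixed seed for repeatability
    cipher = ToyBlockCipher(key)
    iv = rng.getrandbits(BLOCK_BITS)
    plaintext = [rng.getrandbits(BLOCK_BITS) for _ in range(max_blocks)]
    ct = cbc_encrypt(cipher, iv, plaintext)
    pair = first_collision(ct)
    if pair is None:
        return None
    i, j = pair
    # plaintext[k-1] is the block that produced ct[k] (ct[0] is the IV).
    # E_K is a permutation, so C_i == C_j implies equal inputs:
    #   P_i ^ C_{i-1} == P_j ^ C_{j-1}   =>   P_j == P_i ^ C_{i-1} ^ C_{j-1}
    known_pi = plaintext[i - 1]
    recovered_pj = known_pi ^ ct[i - 1] ^ ct[j - 1]
    return {
        "collision_at": j,                     # blocks seen before the collision
        "bound": birthday_bound_blocks(BLOCK_BITS),
        "recovered": recovered_pj,
        "actual": plaintext[j - 1],
    }


if __name__ == "__main__":
    r = sweet32_demo()
    print("birthday bound 2^(n/2) =", r["bound"], "blocks")
    print("collision after", r["collision_at"], "blocks")
    print("recovered P_j = 0x%04x, actual P_j = 0x%04x" % (r["recovered"], r["actual"]))
    print("64-bit block bound:", birthday_bound_blocks(64), "blocks (32 GiB)")
```

The collision index varies with the seed, but with independent uniform inputs it lands within a small multiple of 2^(n/2) essentially every time; scaling n back up to 64 gives the 2^32-block (32 GiB) figure that makes Sweet32 practical against long-lived TLS or OpenVPN sessions.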

Precaution Against Sweet32 Attack

To protect confidential information from the Sweet32 birthday attack, stop using legacy 64-bit block ciphers: Triple DES (the TLS cipher suites whose names end in DES-CBC3-SHA) and Blowfish. Web servers should be configured to prefer 128-bit block ciphers such as AES. Weak ciphers such as 3DES and DES must be disabled in the SSL/TLS configuration (RC4, a stream cipher, is not a Sweet32 target but is broken and should be disabled at the same time), and strong ciphers such as AES-GCM must be enabled. Where 3DES cannot be removed immediately, limit the amount of data encrypted under one key by re-keying or renegotiating well below the 2^32-block bound.
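A way to verify a cipher-suite configuration against this advice, as an added example that is not part of the original page: it asks the local OpenSSL build (through Python's standard ssl module) which suites a given cipher string would enable and flags any that use 3DES, DES or RC4. The HARDENED_CIPHERS string is an assumed starting point to be tuned for your own server, and the check only inspects a local configuration, it does not probe a remote host.

```python
"""Check an OpenSSL cipher string for Sweet32-affected suites.

Added example (not from the original page). Uses ssl.SSLContext.get_ciphers()
to list what a cipher string enables on the local OpenSSL build.
"""
import ssl

# OpenSSL suite names containing these substrings use a 64-bit block cipher
# (3DES appears as DES-CBC3, single DES as DES-CBC) or the RC4 stream cipher.
WEAK_MARKERS = ("DES", "RC4")

# Assumption: a reasonable hardened string; adjust to your client population.
HARDENED_CIPHERS = "HIGH:!3DES:!DES:!RC4:!aNULL:!eNULL:!MD5"

# Deliberately permissive string used only to show what would be accepted.
PERMISSIVE_CIPHERS = "ALL:@SECLEVEL=0"


def context_with_ciphers(cipher_string):
    """Build a server-side TLS context restricted to cipher_string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return ctx


def weak_suites(ctx):
    """Names of enabled suites that use a 64-bit block cipher or RC4."""
    return sorted(
        c["name"]
        for c in ctx.get_ciphers()
        if any(marker in c["name"] for marker in WEAK_MARKERS)
    )


def check_cipher_string(cipher_string):
    """Return (number_of_enabled_suites, weak_suite_names) for a string."""
    ctx = context_with_ciphers(cipher_string)
    return len(ctx.get_ciphers()), weak_suites(ctx)


if __name__ == "__main__":
    for label, spec in (("permissive", PERMISSIVE_CIPHERS),
                        ("hardened", HARDENED_CIPHERS)):
        try:
            count, weak = check_cipher_string(spec)
        except ssl.SSLError as exc:       # string rejected by this OpenSSL build
            print(f"{label}: cipher string not accepted ({exc})")
            continue
        verdict = "OK" if not weak else "VULNERABLE (Sweet32/RC4)"
        print(f"{label}: {count} suites enabled, weak: {weak or 'none'} -> {verdict}")
```

Whether the permissive string actually lists 3DES depends on how the local OpenSSL was built and on its default security level, so the useful assertion is the negative one: the hardened string must enable a non-empty set of suites none of which match the weak markers. The same cipher string can then be placed in the server's SSL configuration (for example Apache's SSLCipherSuite or nginx's ssl_ciphers).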
