64 bit ciphers attack in 75 hours => AES-GCM attack in 75 hours?


There is a new attack/paper from INRIA (Matthew Green has a good explanation of the attack) that continues the trend of long-running attacks introduced by rc4nomore. The paper is branded as "Sweet32": a collision attack playing on the birthday paradox (hence the cake in the logo) to break 64-bit ciphers like 3DES or Blowfish in TLS.

Rc4nomore was showing off with numbers like 52 hours to decrypt a cookie. This new attack needs more queries (\(2^{32}\), hence the 32 in the name) and so took longer in practice: 75 hours. And if the numbers are correct, this should answer the question I raised in one of my blog posts a few weeks ago:

the nonce is the part that should be different for every different message you encrypt. Some increment it like a counter, some others generate them at random. This is interesting to us because the birthday paradox tells us that we'll have more than 50% chance of seeing a nonce repeat after \(2^{32}\) messages. Isn't that pretty low?

The number of queries here is the same for these 64-bit ciphers and for AES-GCM. As the AES-GCM attack pointed out:

we discovered over 70,000 HTTPS servers using random nonces

This means that 70,000 HTTPS servers are vulnerable to a 75-hour BEAST-style attack on AES-GCM.
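The birthday arithmetic behind both Sweet32 and random-nonce AES-GCM, plus a defender-side check over explicit nonces captured from a connection, as an added Python example (not from the post or the papers it cites). It assumes the 64-bit random explicit nonce of TLS 1.2 GCM records, which shares its birthday bound with a 64-bit block cipher: about 39% repeat probability at \(2^{32}\) values and 50% at roughly \(1.18 \cdot 2^{32}\); the sample nonces are constructed.

```python
import math


def repeat_probability(bits: int, q: int) -> float:
    """Probability that q values drawn uniformly at random from a bits-bit
    space contain at least one repeat (birthday approximation 1 - e^(-q^2/2N)).
    The same bound governs 64-bit block collisions (Sweet32) and collisions
    between 64-bit random GCM nonces."""
    n = 2.0 ** bits
    return 1.0 - math.exp(-(q * (q - 1)) / (2.0 * n))


def queries_for_probability(bits: int, p: float) -> float:
    """Number of values after which the repeat probability reaches p."""
    n = 2.0 ** bits
    return math.sqrt(2.0 * n * math.log(1.0 / (1.0 - p)))


def classify_nonces(nonces: list) -> str:
    """Defender-side check over explicit nonces captured from one connection.
    'repeat'  -> a nonce recurred under the same key (GCM is broken outright)
    'counter' -> each nonce is the previous one plus one (cannot repeat)
    'random'  -> anything else; exposed to the birthday bound above."""
    seen = set()
    for nonce in nonces:
        if nonce in seen:
            return "repeat"
        seen.add(nonce)
    values = [int.from_bytes(nonce, "big") for nonce in nonces]
    if len(values) >= 2 and all(b - a == 1 for a, b in zip(values, values[1:])):
        return "counter"
    return "random"


# Constructed sample nonces for three hypothetical servers (not scan data).
COUNTER_SERVER = [i.to_bytes(8, "big") for i in range(1, 6)]
RANDOM_SERVER = [bytes.fromhex(h) for h in (
    "9f3a0c1d77e2b004", "0b81c2f3a4d5e607", "ee10bb2c3d4f5a61", "5a7e8d9cabbcd0e1")]
REPEATING_SERVER = RANDOM_SERVER + [RANDOM_SERVER[1]]

if __name__ == "__main__":
    q = 2 ** 32
    print(f"P(repeat) after 2^32 64-bit values: {repeat_probability(64, q):.3f}")
    half = queries_for_probability(64, 0.5)
    print(f"50% reached after about {half / q:.2f} * 2^32 values")
    for name, seq in (("counter", COUNTER_SERVER), ("random", RANDOM_SERVER),
                      ("repeating", REPEATING_SERVER)):
        print(f"{name:9s} server: {classify_nonces(seq)}")
```

Passing `bits=96` to the two probability functions gives the bound for a full 12-byte random GCM nonce instead.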

