[BlueOnyx:20005] OpenSSL: SWEET32 / CVE-2016-2183

Michael Stauber mstauber at blueonyx.it
Wed Aug 24 11:34:36 -05 2016


Hi all,

You know what we haven't had in a long time? Like less than a month? An
OpenSSL vulnerability. \o/

The SWEET32 Issue, CVE-2016-2183:
==================================

Short answer if BlueOnyx is affected: Nope. Regular installs of BlueOnyx
aren't affected. If you by chance use OpenVPN on BlueOnyx, then you
might want to make sure you are not using 3DES block ciphers. Other than
that: We're fine.

What is SWEET32 about?

Cryptographic protocols like TLS, SSH, IPsec, and OpenVPN commonly use
block cipher algorithms, such as AES, Triple-DES, and Blowfish, to
encrypt data between clients and servers. To use such algorithms, the
data is broken into fixed-length chunks, called blocks, and each block
is encrypted separately according to a mode of operation. Older block
ciphers, such as Triple-DES and Blowfish use a block size of 64 bits,
whereas AES uses a block size of 128 bits.

It is well-known in the cryptographic community that a short block size
makes a block cipher vulnerable to birthday attacks, even if there are no
cryptographic attacks against the block cipher itself. We observe that
such attacks have now become practical for the common usage of 64-bit
block ciphers in popular protocols like TLS and OpenVPN. Still, such
ciphers are widely enabled on the Internet. Blowfish is currently the
default cipher in OpenVPN, and Triple-DES is supported by nearly all
HTTPS web servers, and currently used for roughly 1-2% of HTTPS
connections between mainstream browsers and web servers.

We show that a network attacker who can monitor a long-lived Triple-DES
HTTPS connection between a web browser and a website can recover secure
HTTP cookies by capturing around 785 GB of traffic. In our
proof-of-concept demo, this attack currently takes less than two days,
using malicious JavaScript to generate traffic. Keeping a web connection
alive for two days may not seem very practical, but it worked easily in
the lab. In terms of computational complexity, this attack is comparable
to the recent attacks on RC4. We also demonstrate a similar attack on
VPNs that use 64-bit ciphers, such as OpenVPN, where long-lived Blowfish
connections are the norm.

Countermeasures are currently being implemented by browser vendors,
OpenSSL, and the OpenVPN team, and we advise users to update to the
latest available versions.

Source: https://sweet32.info/

OpenSSL statement about the issue:

https://www.openssl.org/blog/blog/2016/08/24/sweet32/

Why is BlueOnyx not affected?
=============================

In January 2014 when we did the SSL/TLS security hardening I had
disabled all weak and no longer recommended protocols, ciphers and block
ciphers. Along with disabling RC4 I also disabled DES and 3DES on a
hunch, because I wasn't comfortable with the 64-bit block size and AES
with at least 128-bit seemed to be the much better alternative.

This now pays off. ;-)

-- 
With best regards

Michael Stauber
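As an added example (not code from the original post, from BlueOnyx or from the SWEET32 authors), here is a POSIX shell snippet for the check the post recommends: does a cipher list or an OpenVPN configuration still enable a 64-bit block cipher? The cipher-list lines and OpenVPN configs are constructed samples in the layout of `openssl ciphers -v` output and of a client config; the function names `sweet32_suites` and `openvpn_cipher_check` are my own. The OpenVPN check assumes, as the quoted advisory states, that OpenVPN of that era fell back to Blowfish (BF-CBC) when no `cipher` line was present.

```sh
#!/bin/sh
# Added example, not BlueOnyx code: flag 64-bit block ciphers (SWEET32, CVE-2016-2183)
# in an OpenSSL cipher list and in an OpenVPN configuration.

# Constructed sample in the layout of `openssl ciphers -v` (name, protocol, Kx, Au, Enc, Mac).
SAMPLE_CIPHERS='ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD
ECDHE-RSA-DES-CBC3-SHA      SSLv3   Kx=ECDH Au=RSA Enc=3DES(168)  Mac=SHA1
DES-CBC3-SHA                SSLv3   Kx=RSA  Au=RSA Enc=3DES(168)  Mac=SHA1
AES256-SHA                  SSLv3   Kx=RSA  Au=RSA Enc=AES(256)   Mac=SHA1
IDEA-CBC-SHA                SSLv3   Kx=RSA  Au=RSA Enc=IDEA(128)  Mac=SHA1'

# sweet32_suites: read `openssl ciphers -v` lines on stdin and print the names of
# the suites whose bulk cipher has a 64-bit block. The Enc= field names the cipher:
# 3DES, DES, RC2, IDEA and Blowfish (BF) all use 64-bit blocks; AES does not.
sweet32_suites() {
    awk '{
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^Enc=/) {
                enc = substr($i, 5)
                if (enc ~ /^(3DES|DES|RC2|IDEA|BF|Blowfish)/) print $1
            }
        }
    }'
}

# openvpn_cipher_check: read an OpenVPN config on stdin and report the data-channel
# cipher. A config without a "cipher" line is reported as WEAK, because OpenVPN at
# the time of this post defaulted to Blowfish (BF-CBC). 3DES appears here under its
# OpenSSL name DES-EDE3-CBC, which the ^DES pattern also catches.
openvpn_cipher_check() {
    awk 'BEGIN { c = "BF-CBC"; src = "implicit default" }
         $1 == "cipher" { c = $2; src = "config" }
         END {
             verdict = (c ~ /^(BF|DES|RC2|IDEA|CAST5)/) ? "WEAK" : "OK"
             print verdict, c, "(" src ")"
         }'
}

# Demo on the constructed samples.
echo "64-bit block suites in the sample cipher list:"
printf '%s\n' "$SAMPLE_CIPHERS" | sweet32_suites
printf 'dev tun\ncipher BF-CBC\n'      | openvpn_cipher_check
printf 'dev tun\ncipher AES-256-CBC\n' | openvpn_cipher_check
printf 'dev tun\nproto udp\n'          | openvpn_cipher_check

# Against a real system (commands shown as comments so the demo stays offline):
#   openssl ciphers -v 'ALL:COMPLEMENTOFALL' | sweet32_suites   # every 64-bit suite this OpenSSL can offer
#   openssl ciphers -v "$YOUR_SSLCipherSuite" | sweet32_suites  # what your Apache/Admserv cipher string leaves enabled
#   openssl s_client -connect www.example.com:443 -cipher 'DES-CBC3-SHA' </dev/null
#     (a completed handshake means the server still accepts 3DES)
#   openvpn_cipher_check < /etc/openvpn/server.conf
```

The second check against a live server is the one that matters for a hardened host: a cipher string that looks clean can still be overridden by a later `SSLCipherSuite` in a vhost, so confirm from the outside that a `-cipher 'DES-CBC3-SHA'` handshake is refused.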


