Sweet32

27 October 2022 - Articles
Back

Sweet32 describes a birthday attack on 64-bit block ciphers. This attack has been demonstrated against both 3DES and Blowfish, against both VPNs as well as HTTPS traffic. This attack allows an attacker who can perform an interception attack to decrypt small amounts of ciphertext, such as session tokens and other sensitive cookie values.

Generally, to be practical, this attack requires a large amount of web traffic to be captured and therefore may requite an attacker to trick or coerce the user into viewing a malicious web page in order for additional traffic to be generated to allow for a sufficient number of requests to be captured.

It is recommended that:

  • DES, 3DES, and Blowfish cipher suites are avoided, in favour of more secure algorithms such as AES.

References

Play Cover Track Title
Track Authors