Back
Sweet32 describes a birthday attack on 64-bit block ciphers. This attack has been demonstrated against both 3DES and Blowfish, against both VPNs as well as HTTPS traffic. This attack allows an attacker who can perform an interception attack to decrypt small amounts of ciphertext, such as session tokens and other sensitive cookie values.
Generally, to be practical, this attack requires a large amount of web traffic to be captured and therefore may requite an attacker to trick or coerce the user into viewing a malicious web page in order for additional traffic to be generated to allow for a sufficient number of requests to be captured.
It is recommended that:
- DES, 3DES, and Blowfish cipher suites are avoided, in favour of more secure algorithms such as AES.
References
Previous
How Can I Turn PenTesting from a Cost into a Competitive Advantage?
Regular penetration testing (e.g. often annual) carried out be experienced professional testers can seem expensive – and in these times, when every penny counts, its easy to make the mistake of thinking that pen testing is poor value. However, the truth is that pen testing used as part of a comprehensive [...]| Play | Cover | Release Label |
Track Title Track Authors |
|---|