Author: HollyGraceful Published: 27 October 2022 Last Updated: 03 November 2022
Sweet32 describes a birthday attack on 64-bit block ciphers. This attack has been demonstrated against both 3DES and Blowfish, against both VPNs as well as HTTPS traffic. This attack allows an attacker who can perform an interception attack to decrypt small amounts of ciphertext, such as session tokens and other sensitive cookie values.
Generally, to be practical, this attack requires a large amount of web traffic to be captured and therefore may requite an attacker to trick or coerce the user into viewing a malicious web page in order for additional traffic to be generated to allow for a sufficient number of requests to be captured.
It is recommended that:
- DES, 3DES, and Blowfish cipher suites are avoided, in favour of more secure algorithms such as AES.