[Ach] SWEET32/CVE-2016-2183

Hanno Böck hanno at hboeck.de
Wed Aug 24 20:43:27 CEST 2016

On Wed, 24 Aug 2016 19:24:22 +0200
Akendo <akendo at akendo.eu> wrote:

> As far as I see this, when following the recommendation for servers like
> nginx or OpenVPN 3DES is disabled and it should not be an issue,
> correct?

There's probably not a whole lot for the bettercrypto guide, yet this
has some interesting aspects.

One that I think hasn't come up a lot before is limiting keepalive
connections. We actually thought about that during writing the GCM
nonce paper as well. Crypto attacks that require a lot of data to be
encrypted *with the same key* can be effectively mitigated with a
practically irrelevant performance hit if you limit requests over one
connection to - let's say - 100 (like apache does).

What might also be interesting is looking into more unusual protocols
that might still use blowfish or 3des. It was used in SSH, but lately
OpenSSH has aggressively deprecated everything old. These ciphers were
more or less considered secure. While the block collision issue is not
really new, it may not have been known so widely.

Hanno Böck

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
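As an added illustration of the keepalive point made above (example code, not part of this post or of the bettercrypto guide): it puts numbers on why capping requests per connection bounds a data-volume attack on a 64-bit block cipher. It assumes a constructed request size of 512 bytes and uses the textbook 2^(n/2) birthday bound; the cap of 100 is the Apache figure the message mentions.

```python
# Added example, not from the original post. A 64-bit block cipher (3DES,
# Blowfish) in CBC mode becomes unsafe once roughly 2^32 blocks (~32 GiB)
# have been encrypted under ONE key; closing a keepalive connection after a
# fixed number of requests bounds how much data a single session key sees.
import math

BLOCK_BITS = {"3DES": 64, "Blowfish": 64, "AES": 128}  # block sizes, not key sizes


def birthday_blocks(block_bits: int) -> int:
    """Birthday bound: after ~2^(n/2) blocks a repeated ciphertext block
    (and, with CBC, the XOR of two plaintext blocks) becomes likely."""
    return 2 ** (block_bits // 2)


def birthday_bytes(block_bits: int) -> int:
    """The same bound expressed in bytes encrypted under one key."""
    return birthday_blocks(block_bits) * (block_bits // 8)


def requests_to_reach_bound(block_bits: int, bytes_per_request: int) -> int:
    """Requests of a fixed size that must travel over one connection
    (hence under one session key) before the bound is reached."""
    return math.ceil(birthday_bytes(block_bits) / bytes_per_request)


def bytes_per_key_with_cap(max_requests: int, bytes_per_request: int) -> int:
    """Upper bound on data one key encrypts when the server closes the
    connection after max_requests requests (100 is Apache's default)."""
    return max_requests * bytes_per_request


def cap_keeps_below_bound(max_requests: int, bytes_per_request: int,
                          block_bits: int, margin: int = 1000) -> bool:
    """True if the cap keeps per-key traffic at least `margin` times below
    the birthday bound, so the data-volume attack cannot complete."""
    return (bytes_per_key_with_cap(max_requests, bytes_per_request) * margin
            <= birthday_bytes(block_bits))


if __name__ == "__main__":
    req = 512  # constructed: assumed size of one request carrying a cookie
    for name, bits in BLOCK_BITS.items():
        print(f"{name:9s} bound {birthday_bytes(bits) / 2**30:.0f} GiB, "
              f"{requests_to_reach_bound(bits, req):,} requests of {req} B")
    print("cap of 100 req/conn sufficient for 3DES:",
          cap_keeps_below_bound(100, req, BLOCK_BITS["3DES"]))
```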
