Introduction
SWEET32 is a cryptanalysis attack on block ciphers using 64-bit block sizes. The attack was discovered in 2016 by a team of researchers from INRIA, Microsoft Research, University College London, and the University of Michigan. It affects many TLS implementations, including OpenSSL and GnuTLS.
The principle of the attack: Drowning in a flood.
The most straightforward way to explain the attack is based on the fact that the CBC mode used by TLS 1.0 and TLS 1.1 is vulnerable to a padding oracle attack.
That means an attacker can cause the server to leak information about the plaintext of the encrypted data by sending it messages with invalid padding bytes (the same type of message that one would send in an HTTP request).
Attack Overview
What is the Sweet32 attack?
The SWEET32 attack is a side-channel attack that exploits a vulnerability in the CBC cipher mode, which is commonly used with TLS (HTTP over SSL). The SWEET32 attack demonstrates that 32 bits of every 64-bit block are predictable, thereby allowing an attacker to deduce the value of the remaining 32 bits. By exploiting this weakness, a malicious actor could decrypt information protected by SSL/TLS encryption protocols such as HTTPS.
How does it work?
The Sweet32 vulnerability predicts how often an initialization vector (IV) — a random number generated by a client — will repeat itself before moving on to another IV. This allows an adversary to mount an effective brute-force attack against encrypted connections. Note that increasing key lengths or cipher strength cannot prevent this type of brute-force approach. However, mitigations are available to help avoid these kinds of attacks from succeeding in today’s environment: Stronger key exchanges and perfect forward secrecy (PFS).
Reproducing the attack?
Simply put, SWEET32 is an attack that exploits a vulnerability in how 64-bit operating systems handle password hashing. This bug was not exploitable in the past because it required an attacker to brute force every possible combination of 8 bytes.
However, as computers get faster and more powerful, it becomes easier for hackers to use GPUs (Graphics Processing Units) in consumer-grade laptops to crack passwords using a technique known as “rainbow tables.” This method enables a hacker to precompute all possible hashes by scanning through all combinations of 8 characters instead of guessing them one at a time.
Here is an example of decrypting encrypted data on a 2GB VM with a single processor.
When you learn about this vulnerability, you may assume it could be remediated by changing some settings and ensuring the website is secure. But that’s not the case. This particular vulnerability requires a lot more work than that.
What level of impact is expected?
The CBC cipher suite is an encryption algorithm used by many websites today to ensure their security and keep people from accessing information they shouldn’t have access to—like passwords or banking information. Attackers can also recover authentication data from traffic, and usernames and passwords from VPN traffic, which Blowfish secures.
This issue has been actively exploited in the wild since 2016.
Implement long-term countermeasures by disabling CBC cipher suites and upgrading the algorithm.
- Disable CBC cipher suites
- Upgrade to TLS 1.2 or higher
Your managed security provider or Atumcell can help you with any more guidance.
Conclusion
The attack is not a new method but rather an advanced approach that combines several existing methods. This attack technique can be used in many other episodes because it does not require any special tools or hardware and does not require a high level of knowledge about encryption algorithms.
About Atumcell
(Something about the company, its offerings, how to contact)
Additional Resources:
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article