OPNsense
Author Topic: New Attack  (Read 3409 times)

fabian

New Attack
« on: August 25, 2016, 05:30:33 pm »
There is a new attack against 64-bit ciphers: https://sweet32.info/

Please be careful when using an affected cipher, especially when using it with VPN.


fabian

bobbythomas

Re: New Attack
« Reply #1 on: August 26, 2016, 08:00:30 am »
Thanks for the update, Fabian. Will make sure unaffected ciphers are used for encryption.
Regards,
Bobby Thomas

Sent from my ONE A2003 using Tapatalk


franco

Re: New Attack
« Reply #2 on: August 26, 2016, 05:35:09 pm »
My favourite bit: "by capturing around 785 GB of traffic". That's a lot for a persistent session.

Not saying this isn't a problem and that standards need to be changed (which OpenVPN did not do during their 2.3.12 bump this week), but it's easy to work around the threat model class or avoid it in particular domains.

An example: old PGP keys still use 3DES by default, but the attack is not applicable because an email will not easily sum up to what is required by the POC.


Cheers,
Franco

Julien

Re: New Attack
« Reply #3 on: August 27, 2016, 10:01:13 pm »
Is this also for users using SSL + User Authentication RADIUS authentication?
An intelligent man is sometimes forced to be drunk to spend time with his fool.

franco

Re: New Attack
« Reply #4 on: August 28, 2016, 01:56:37 pm »
Yes. SSL and user credentials are for authentication, not tunnel encryption.
Logged
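
The replies above turn on how much data a single key encrypts under a 64-bit block cipher and on the fact that the tunnel cipher, not the authentication method, is what matters. The following is an added example (not part of the thread, and not OPNsense or OpenVPN code) that audits an OpenVPN config on that basis; the `reneg-bytes` directive, the OpenVPN 2.3 default of BF-CBC, the cipher table and the 0.001 probability threshold are assumptions brought in for the example, not taken from the posts.

```python
import math
import re

# Block size in bits by algorithm prefix of the OpenVPN cipher name (assumed table).
# The 64-bit entries are the ones a birthday attack such as Sweet32 applies to.
BLOCK_BITS = {"BF": 64, "DES": 64, "DESX": 64, "CAST5": 64, "RC2": 64,
              "AES": 128, "CAMELLIA": 128}
DEFAULT_CIPHER = "BF-CBC"   # OpenVPN 2.3 default when no "cipher" line is present
MAX_PROBABILITY = 1e-3      # assumed acceptable collision probability per key

# Constructed sample configs, not taken from any real deployment.
SAMPLE_DEFAULT = "dev tun\nproto udp\nauth SHA256\n"
SAMPLE_REKEYED = "cipher DES-EDE3-CBC\nreneg-bytes 64000000  ; rekey every 64 MB\n"
SAMPLE_AES = "cipher AES-256-CBC # 128-bit block\n"


def collision_probability(data_bytes, block_bits):
    """Birthday-bound chance of at least one repeated ciphertext block under one key."""
    blocks = data_bytes / (block_bits / 8)
    return -math.expm1(-blocks * blocks / 2.0 ** (block_bits + 1))


def audit(config_text):
    """Return (cipher, block_bits, reneg_bytes, verdict) for one OpenVPN config."""
    cipher, reneg = DEFAULT_CIPHER, None
    for raw in config_text.splitlines():
        words = re.split(r"[#;]", raw, maxsplit=1)[0].split()  # drop comments
        if len(words) >= 2 and words[0] == "cipher":
            cipher = words[1].upper()
        elif len(words) >= 2 and words[0] == "reneg-bytes":
            reneg = int(words[1])  # 0 disables the byte limit
    bits = BLOCK_BITS.get(cipher.split("-")[0])
    if bits is None:
        verdict = "unknown cipher: check its block size by hand"
    elif bits > 64:
        verdict = "ok: 128-bit block"
    elif reneg and collision_probability(reneg, bits) < MAX_PROBABILITY:
        verdict = "64-bit block, mitigated by rekeying"
    else:
        verdict = "64-bit block, no effective byte limit per key: exposed"
    return cipher, bits, reneg, verdict


if __name__ == "__main__":
    for name, text in [("default", SAMPLE_DEFAULT), ("rekeyed", SAMPLE_REKEYED),
                       ("aes", SAMPLE_AES)]:
        print(name, audit(text))
    print("785 GB, 64-bit block:", collision_probability(785e9, 64))
```
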
