Tag Archives: attack

SWEET32:攻 Blowfish 與 3DES

最新的攻擊算是實戰類的攻擊,理論基礎以前都已經知道了,只是沒有人實際「完成」。算是近期少數直接對演算法的攻擊,而這些演算法剛好還是被用在 TLS 與 OpenVPN 上,所以嚴重性比較高:「SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN」。 攻擊的條件是 block cipher 的 block size,而非 key length,所以就算是 256 bits 的 Blowfish 也一樣也受到影響。 這次順利打下 Blowfish 與 3DES。這兩個 cipher 的 block size 都是 64 bits,所以對於 birthday … Continue reading

Posted in Computer, Murmuring, Network, Security, VPN, WWW | Tagged , , , , , , , , , , , , , , , | Leave a comment

Bitcoin.org 對於接下來的 release 發出警告

Bitcoin.org 發出了有點摸不著頭緒的警告:「0.13.0 Binary Safety Warning」。 Bitcoin.org has reason to suspect that the binaries for the upcoming Bitcoin Core release will likely be targeted by state sponsored attackers. As a website, Bitcoin.org does not have the necessary technical resources to guarantee … Continue reading

Posted in Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , | Leave a comment

前陣子在 Black Hat 上發表的 HEIST 攻擊 (對 HTTPS 的攻擊)

又是一個對 HTTPS 的攻擊:「HEIST attack on SSL/TLS can grab personal info, Black Hat」、「New attack steals SSNs, e-mail addresses, and more from HTTPS pages」。 一樣是 Compression 產生的 side-channel attack,只是這次是結合 TCP window size 的攻擊。投影片可以在「HTTP Encrypted Information can be Stolen through TCP-windows (PDF)」這邊看到。 這次的攻擊只需要在瀏覽器上插入 … Continue reading

Posted in Browser, Computer, Murmuring, Network, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , , | Leave a comment

hashcat v3.00

hashcat 是個用暴力法拿來計算各種 reverse hash 的的工具,也就是對於 HASH(key) = value 時,給 value 的值,要求得出 key 的值 (被稱為 Preimage attack)。 雖然是暴力法,但還是花了很多力氣加速,尤其在這個 GPU 已經很常見的年代,這套軟體也支援透過 GPU 加速運算。 先前的版本是 CPU 與 GPU 分開兩個版本可以用 (CPU 版本的叫 hashcat,GPU 版本的叫做 oclHashcat),而 GPU 的版本只支援 nVidia 與 AMD 兩家大廠的顯卡。 而在 v3.00 版,透過 … Continue reading

Posted in Computer, Hardware, Murmuring, Security, Software | Tagged , , , , , , , , , , | 3 Comments

OpenSSL 的 DSA 被 Side-channel attack 打爆

在「Make Sure DSA Signing Exponentiations Really are Constant-Time」這篇文章裡面,直接透過 end-to-end 的 timing attack 打爆 (也就是透過 internet 觀察攻擊),而不需要在同一台機器上對 cache 之類的區域攻擊: A unique feature of our work is that we target common cryptographic protocols. Previous works that demonstrate cache-timing key-recovery attack only target … Continue reading

Posted in Computer, Murmuring, Network, Security, Software | Tagged , , , , , , , , , , , , , | Leave a comment

關於 Juniper ScreenOS 防火牆被放後門的研究

一樣是從 Bruce Schneier 那邊看到的:「Details about Juniper's Firewall Backdoor」,原始的研究連結在「Cryptology ePrint Archive: Report 2016/376」這邊。 ScreenOS 被放了兩個後門,一個是 SSH 的後門: Reverse engineering of ScreenOS binaries revealed that the first of these vulnerabilities was a conventional back door in the SSH password checker. 另外一個是「Dual EC … Continue reading

Posted in Computer, Hardware, Murmuring, Network, OS, Security, Software, VPN | Tagged , , , , , , , , , , , | 1 Comment

密碼系統的 Monoculture

這篇文章講到最近密碼系統的現象:「On the Impending Crypto Monoculture」。 目前常在用的密碼系統包括了 RSA、DH、ECDH、ECDSA、SHA-2、AES 這些演算法,而最近這幾年大家在推廣使用的演算法都出自於同一個人手裡,Dan Bernstein,也就是 djb: A major feature of these changes includes the dropping of traditional encryption algorithms and mechanisms like RSA, DH, ECDH/ECDSA, SHA-2, and AES, for a completely different set of mechanisms, including … Continue reading

Posted in Computer, Murmuring, Security | Tagged , , , , , , , , , , , , , , , , , , , , , , , , , , , | 1 Comment

最新的 SSL connection 攻擊:DROWN attack

前幾天 OpenSSL 宣佈將在三月一日更新版本,包括了幾項層級被標示為 High 的問題:「[openssl-announce] Forthcoming OpenSSL releases」。 今天看到這個問題了,被稱為「The DROWN Attack」,全名為 Decrypting RSA with Obsolete and Weakened eNcryption,整個 internet 上大約 33% 的伺服器受到影響: Our measurements indicate 33% of all HTTPS servers are vulnerable to the attack. 包括兩類,第一類是支援 SSLv2 的伺服器,約 17%: It … Continue reading

Posted in Computer, Murmuring, Network, Security, WWW | Tagged , , , , , , | 2 Comments

Linode 的被攻擊報告

Linode 這陣子一直被 DDoS 攻擊,前幾天放出報告:「The Twelve Days of Crisis – A Retrospective on Linode’s Holiday DDoS Attacks」。 其中這段提到了一些數字,Linode 有個小機房有 40Gbps 的能力,但以現在的 DDoS 規模會馬上爆掉: Linode’s capacity management strategy for IP transit has been simple: when our peak daily utilization starts approaching 50% … Continue reading

Posted in Computer, DNS, Murmuring, Network, Security | Tagged , , , , , , , , | Leave a comment

Amazon 之前放出的 s2n 的安全性問題

Amazon 之前放 s2n 出來當作 TLS protocol 的方案,於是就有人摸出東西來:「Lucky Microseconds: A Timing Attack on Amazon's s2n Implementation of TLS」。 即使是經過外部資安檢證,仍然還是有找到問題。這次找到的問題是 timing attack 類在 CBC-mode 下的 plaintext recovery: At the time of its release, Amazon announced that s2n had undergone three external security … Continue reading

Posted in Computer, Network, Programming, Security, Software, WWW | Tagged , , , , , , , , , , , , , , , | 1 Comment