SWEET32:攻 Blowfish 與 3DES

最新的攻擊算是實戰類的攻擊,理論基礎以前都已經知道了,只是沒有人實際「完成」。算是近期少數直接對演算法的攻擊,而這些演算法剛好還是被用在 TLSOpenVPN 上,所以嚴重性比較高:「SWEET32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN」。

攻擊的條件是 block cipher 的 block size,而非 key length,所以就算是 256 bits 的 Blowfish 也一樣也受到影響。

這次順利打下 Blowfish3DES。這兩個 cipher 的 block size 都是 64 bits,所以對於 birthday attack 來說只要 232 就可以搞定:

This problem is well-known by cryptographers, who always require keys to be changed well before 2n/2 blocks. However it is often minimized by practitioners because the attacks require known plaintext, and reveal only little information. Indeed, standard bodies only recommend to change the key just before 2n/2 blocks, and many implementations don't enforce any limit on the use of a key.

在 OpenVPN 打 Blowfish 的部份 (Blowfish 是 OpenVPN 預設的 cipher):

In our demo, it took 18.6 hours and 705 GB, and we successfully recovered the 16-byte authentication token.

以及 HTTPS 打 3DES 的部份 (為了相容性問題):

Experimentally, we have recovered a two-block cookie from an HTTPS trace of only 610 GB, captured in 30.5 hours.

都是有可能的等級。也該來拔掉對 IE8 的支援了... orz

Love your country, but never trust its government

Hacker News Daily 上看到的,在 Sun-2 的 bootloader 裡可以看到「Love your country, but never trust its government」這樣的字串:「Why the Sun 2 has the message "Love your country, but never trust its government"」。

這段字串是由 John Gilmore 當時在 Sun 開發時所放入的,John Gilmore 同時也是後來 EFF 創辦人之一,不過當初放入這段字串的目的是為了抓到盜版:

Yes. Vinod Khosla, first President of Sun, came to me at one point and said to put something hidden, triggered in an unexpected way, into the ROM Monitor, so that if somebody cloned the Sun Workstation (violating our software’s copyright), we could do that unexpected thing to the competitor’s demo workstation at a trade show and thereby prove that they had cloned it.

過了三十年後 John Gilmore 被挖出來問的回應也是蠻有趣的... (可以參考原文附上的信件)

而這句話現在回頭看也很經典,尤其是最近各國政府想要在 crypto system 裡面放後門的各種反應。