DUHK allows attackers to recover privy encoding keys from vulnerable implementations and decode and read communications passing over VPN connections or encrypted world wide web sessions. The code data could include sensitive business data, login credentials, credit card data and other confidential subject .
The affect implementations were all historically compliant with FIPS, the Federal Information Processing Standards .
Who is vulnerable?
traffic from any VPN using FortiOS 4.3.0 to FortiOS 4.3.18 can be decrypted by a passive network adversary who can observe the code handshake dealings. other key recovery attacks on different protocols may besides be possible.
Reading: DUHK Attack
We besides found eleven other historically FIPS-certified implementations that document hard-coded X9.31 RNG seed keys in their products. We give the full list in our composition .
Users of feign products should apply the latest software updates .
A device is vulnerable to DUHK if :
- It uses the X9.31 random number generator
- The seed key used by the generator is hard-coded into the implementation
- The output from the random number generator is directly used to generate cryptographic keys
- At least some of the random numbers before or after those used to make the keys are transmitted unencrypted. This is typically the case for SSL/TLS and IPsec.
Full technical paper
Practical state recovery attacks against legacy RNG implementations [ PDF ]
By Shaanan Cohney, Nadia Heninger, and Matthew D. Green
The team can be contacted at [email protected] .
Are you a crypto implementer?
Developers of cryptanalytic software should stop using the X9.31 generator. It was removed from the number of FIPS-approved random number generation algorithm in January 2016. If you must use a pulley cipher-based RNG, do n’t use a hard-coded key, and regenerate the identify frequently .
Are you an end user of cryptography?
regularly practice software updates. It ‘s good practice and will protect you against flaws that are of greater risk to you than this one .
Are you a company worried about FIPS compliance?
Update your products to comply with the latest standards. We do n’t know of any backdoors in the current list of recommend algorithm.
Read more: A Few Thoughts on Cryptographic Engineering
Are you a government with a desire for large scale decryption capabilities?
Weakening, sabotaging, backdooring, or frontdooring encoding standards may harm both the overall security of your area vitamin a well as your reputation !
final update October 23, 2017 .