The Latest in IT Security

New collision attacks against triple-DES, Blowfish break HTTPS sessions

25
Aug
2016
New collision attacks against triple-DES, Blowfish break HTTPS sessions

New collision attacks against triple-DES, Blowfish break HTTPS sessions

There is now a practical, relatively fast attack on 64-bit block ciphers that lets attackers recover authentication cookies and other credentials from HTTPS-protected sessions, a pair of French researchers said. Legacy ciphers Triple-DES and Blowfish need to go the way of the broken RC4 cipher: Deprecated and disabled everywhere.

Dubbed Sweet32, researchers were able to take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access victim accounts, said the researchers, Karthikeyan Bhargavan and Gaëtan Leurent of INRIA in France.

Read More

Leave a reply


Categories

TUESDAY, JULY 17, 2018

Featured

Archives

Latest Comments

Social Networks