Sweet32 Attack

The SWEET32 attack is a cryptographic exploit that leverages a “birthday attack” against legacy 64-bit block ciphers (like Triple-DES and Blowfish) used in secure protocols such as TLS and OpenVPN. It allows an attacker to decrypt small portions of data, such as authentication cookies, by monitoring long-lived encrypted connections.

The security of a block cipher depends on the block size (n). The “birthday paradox” dictates that a collision (two different inputs producing the same ciphertext) becomes likely much earlier than exhausting the entire key space.

  • A collision is expected after  blocks of data are encrypted.
  • To execute the attack, the adversary needs ~ encryptions of s and ~ encryptions of a known m (under the same key).
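
The birthday effect described above can be reproduced at small scale. The following is an added example, not code from the SWEET32 researchers: it assumes CBC mode (the mode SWEET32 applies to) and a toy 16-bit Feistel cipher standing in for a 64-bit one, with all names and sample traffic constructed for illustration. It goes slightly beyond the text by showing what a repeated ciphertext block exposes, which is why long-lived connections under one key are the risk.

```python
import hashlib
import random

BLOCK_BITS = 16  # toy block size (assumption); 3DES and Blowfish use 64

def _round(key, r, half):
    # Keyed round function: one byte derived from (key, round, half-block).
    return hashlib.sha256(key + bytes([r, half])).digest()[0]

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation on 16-bit blocks. Not a real cipher."""
    left, right = block >> 8, block & 0xFF
    for r in range(4):
        left, right = right, left ^ _round(key, r, right)
    return (left << 8) | right

def cbc_encrypt(key, iv, blocks):
    out, prev = [], iv
    for p in blocks:
        prev = encrypt_block(key, p ^ prev)  # CBC: XOR with previous ciphertext
        out.append(prev)
    return out

def find_collision(cipher):
    """Indices (i, j), i < j, of the first repeated ciphertext block, or None."""
    seen = {}
    for j, c in enumerate(cipher):
        if c in seen:
            return seen[c], j
        seen[c] = j
    return None

def demo(seed=32, n_blocks=4096):
    """Encrypt constructed random traffic under one key; return
    (blocks sent before the first collision, XOR seen on the wire, true XOR)."""
    rng = random.Random(seed)
    key = bytes(rng.getrandbits(8) for _ in range(16))
    iv = rng.getrandbits(BLOCK_BITS)
    plain = [rng.getrandbits(BLOCK_BITS) for _ in range(n_blocks)]
    cipher = cbc_encrypt(key, iv, plain)
    hit = find_collision(cipher)
    if hit is None:
        return None
    i, j = hit
    prev = [iv] + cipher  # prev[k] is the block chained into plaintext k
    # Equal outputs of a permutation mean equal inputs, so
    # plain[i] ^ prev[i] == plain[j] ^ prev[j]; ciphertext alone gives the XOR.
    return j, prev[i] ^ prev[j], plain[i] ^ plain[j]
```

Calling `demo()` returns the index of the first colliding block together with the two XOR values, which are always equal. With 16-bit blocks the collision arrives after a few hundred blocks rather than tens of thousands, the same square-root scaling that makes 64-bit blocks unsafe for high-volume connections without rekeying.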

Q&A

  • How much data is needed?
    • To recover a two-block secret (such as a secure HTTP cookie), the attack requires capturing approximately 785 GB of traffic (about  blocks).
    • In their practical experiments, researchers were able to execute the attack with 610 GB for an HTTPS connection and 705 GB for an OpenVPN connection.
  • How long does this take in practice?
    • The attack generally takes less than two days (under 40 hours).
    • In the researchers’ proof-of-concept demonstrations, it took roughly 19 hours to break an OpenVPN connection and 30.5 hours to break an HTTPS connection.

1


Footnotes

  1. https://sweet32.info