SWEET32 attack

OWASP 2013-A9 OWASP 2017-A9 OWASP 2021-A6 PCI v3.2-6.5.4 OWASP PC-C1 CAPEC-217 CWE-326 ISO27001-A.14.1.3 WASC-04 WSTG-CRYP-01

The Sweet32 is an attack first found by researchers at the French National Research Institute for Computer Science (INRIA). The attack targets the design flaws in some ciphers. These ciphers are used in TLS, SSH, IPsec, and OpenVPN. The Sweet32 attack allows an attacker to recover small portions of plaintext. It is encrypted with 64-bit block ciphers (such as Triple-DES and Blowfish), under certain (limited) circumstances. The SWEET32 attack can be used to exploit the communication that uses a DES/3DES based cipher suite. A man-in-the-middle attacker could use this flaw to recover some plaintext data. The attacker can steal large amounts of encrypted traffic between TLS/SSL server and client.

The SWEET32 attack affects the commonly used algorithm like AES (Advanced Encryption Standard), Triple-DES (Data Encryption Standard) and Blowfish for encrypting communication for TLS, SSH, IPsec and OpenVPN protocol. These algorithms break the data into blocks. As these algorithms generate small sized blocks, these blocks will be vulnerable to birthday attacks. Due to a flaw in the algorithm, there will be a situation where two block has the same key. An attacker can access the information by using XOR operation on the blocks to reveal the plain text.


The impacts include:-

  • Man-in-the-middle attack: An attacker can perform a man-in-the-middle (MITM) attack on the communication channel to sniff data. These data can be used for malicious purposes.

  • Birthday attack: This attack exploits the birthday theory in probability theory. This attack uses the Pigeon-hole theory of probability. This attack finds the collision on the hash function used in the algorithm and exploits that vulnerability.

Mitigation / Precaution

Beagle recommends the following fixes:-

  • Use OpenSSL security update RHSA-2016:1940.
  • Try to avoid the usage of legacy 64-bit block ciphers.
  • Servers and VPN should use 128-bit ciphers for encryption.

Related Articles