It is well-known in the cryptographic community that a short block size makes a block cipher vulnerable to birthday attacks, even if there are no cryptographic attacks against the block cipher itself. We observe that such attacks have now become practical for the common usage of 64-bit block ciphers in popular protocols like TLS and OpenVPN. Still, such ciphers are widely enabled on the Internet. Blowfish is currently the default cipher in OpenVPN, and Triple-DES is supported by nearly all HTTPS web servers, and currently used for roughly 1-2% of HTTPS connections between mainstream browsers and web servers.
Countermeasures are currently being implemented by browser vendors, OpenSSL, and the OpenVPN team, and we advise users to update to the latest available versions.
Our results will appear in the following technical paper at ACM CCS 2016:
E sad konkretno pitanje u vezi VPNa... Na par lokacija koristim Blowfish-CBC i ako sam dobro razumeo, a nadam se da jesam, " In our demo, it took 18.6 hours and 705 GB, and we successfully recovered the 16-byte authentication token".
Ovo znači da je potrebno oko 705GB podataka da bi se provalio OpenVPN tunel? Kako je upload 6 - 10Mb u sekundi na pojedinim lokacijama i sa tim se može ostvariti 2 - 4GB protoka tokom sat vremena, a kako se u OpenVPNu novi ključ menja po defaultu na svakih sat vremena, samim tim bi trebalo za sada da takve tunele čini imunim na ovaj napad?