DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN [source: bleepingcomputer]
by CIRT Team
After last week’s KRACK and ROCA cryptographic attacks, this week has gotten off to a similarly “great” start with the publication of a new crypto attack known as DUHK (Don’t Use Hard-coded Keys).
The issue at the heart of the DUHK attack is a combination of two main factors.
The first is the use of the ANSI X9.31 Random Number Generator (RNG). This is a pseudorandom generator built on a block cipher (3DES or AES): it expands a secret “seed key” K, a seed state V, and a date/time value into a stream of pseudorandom output blocks, which are then used as encryption keys and nonces to secure VPN connections, browsing sessions, and other encrypted traffic/data.
The second factor needed for a DUHK attack is a hardware vendor shipping a hardcoded “seed key” for the ANSI X9.31 RNG algorithm, that is, a key baked into the software and therefore identical on every device that runs it. Normally, vendors should generate a fresh, secret seed key at device startup or before launching the ANSI X9.31 algorithm.
This means that when hardware/software products combine ANSI X9.31 with a hardcoded seed key, a passive attacker who records the traffic can decrypt encrypted communications carried out through that device. X9.31 only keeps its output unpredictable while the key is secret: anyone who knows K, observes a single output block (for example a nonce sent in the clear during a handshake), and can guess the timestamp it was generated with can recompute the generator’s internal state and from it every later output, including the secret keys derived from them. This includes communications passing over VPN connections or encrypted web sessions that carry login credentials, payment information, intranet information, private enterprise data, and more.
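To make the mechanism concrete, here is an added Python example (not code from the article or from the DUHK researchers) that implements the X9.31 generator and the state-recovery attack against it. Assumptions, also labelled in the code: the 3DES/AES block cipher is replaced by a small keyed Feistel permutation built on HMAC-SHA256 so the script runs with the standard library only; the date/time vector DT is modelled as a counter that advances by one per output block; the attacker knows that counter only to within a window of a few thousand values and brute-forces it; the hardcoded key value is made up.

```python
import hashlib
import hmac
import os

BLOCK = 16  # X9.31 with AES works on 128-bit blocks


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function for the stand-in cipher: keyed HMAC truncated to a half block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_K (assumption: a 4-round Feistel permutation replaces AES/3DES)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decrypt(key: bytes, block: bytes) -> bytes:
    """Inverse permutation D_K; the attacker uses it to walk the state backwards."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


class X931:
    """ANSI X9.31 generator: I = E_K(DT); R = E_K(I xor V); V = E_K(R xor I)."""

    def __init__(self, key: bytes, seed: bytes, dt: int):
        self.key, self.v, self.dt = key, seed, dt

    def next_block(self) -> bytes:
        i = encrypt(self.key, self.dt.to_bytes(BLOCK, "big"))
        r = encrypt(self.key, _xor(i, self.v))
        self.v = encrypt(self.key, _xor(r, i))
        self.dt += 1  # assumption: DT is a counter that advances once per block
        return r


def recover_state(key: bytes, r1: bytes, r2: bytes, dt_lo: int, dt_hi: int):
    """DUHK-style recovery: with the (hardcoded) key and two consecutive observed
    outputs, brute-force DT in [dt_lo, dt_hi). Returns (seed state before r1,
    generator cloned into the state after r2), or None if no DT guess explains r2."""
    for dt in range(dt_lo, dt_hi):
        i1 = encrypt(key, dt.to_bytes(BLOCK, "big"))
        state_after_r1 = encrypt(key, _xor(r1, i1))
        clone = X931(key, state_after_r1, dt + 1)
        if clone.next_block() == r2:  # the second output confirms the DT guess
            seed_before_r1 = _xor(decrypt(key, r1), i1)
            return seed_before_r1, clone
    return None


def demo(device_key: bytes, attacker_key: bytes) -> bool:
    """Model a device that emits two nonces in the clear and then derives a key.
    Returns True when a passive attacker holding attacker_key predicts that key."""
    true_time = 1_500_000_000
    seed = os.urandom(BLOCK)  # the per-boot seed state V is genuinely random
    device = X931(device_key, seed, true_time)
    nonce1, nonce2 = device.next_block(), device.next_block()  # observable on the wire
    session_key = device.next_block()  # meant to stay secret
    # Attacker knows the clock only roughly: +/- 1000 ticks around true_time.
    found = recover_state(attacker_key, nonce1, nonce2, true_time - 1000, true_time + 1000)
    if found is None:
        return False
    recovered_seed, clone = found
    return recovered_seed == seed and clone.next_block() == session_key


# Constructed value standing in for a key baked into firmware.
HARDCODED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")

if __name__ == "__main__":
    print("hardcoded key, attacker predicts session key:", demo(HARDCODED_KEY, HARDCODED_KEY))
    print("per-device random key, attacker predicts session key:", demo(os.urandom(BLOCK), HARDCODED_KEY))
```

The attacker needs the second observed block only to confirm the DT guess; with the key known, one block plus the exact timestamp is enough, and the same key lets the attacker walk backwards to the seed state that preceded the observed output. A per-device random seed key removes the attack: without K the attacker can neither compute I nor invert E_K, so the observed nonces say nothing about the state, which is what the second call in the script shows.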