DUHK Attack Exposes Gaps in FIPS Certification

Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack (Don’t Use Hardcoded Keys), isn’t likely to be part of many threat models.

Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementation errors in admittedly ancient security appliances to trigger a vulnerability known for two decades in a pseudorandom number generator.

And while the issue in the ANSI X9.17/X9.31 PRNG should be patched, in particular on old versions of certain firewall appliances and VPN gateways, there is the much larger issue that the PRNG design was built into a number of crypto standards since it was published in 1985 and that it remained on the FIPS 140-1 and 140-2 lists of approved algorithms for use on government systems until January 2016.

The researchers said in a paper published Monday, “Practical state recovery attacks against legacy RNG implementations,” that a dozen products (below) that are FIPS 140-2 certified contain a static hardcoded key in the source code, rendering them vulnerable to this attack. The researchers developed an attack against Fortinet Fortigate VPN gateways running FortiOS version 4 and were able to recover the private encryption key after a few seconds of computation time.
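To make concrete what a hardcoded key costs in this design, here is an added example (not code from the paper, ThreatPost or any vendor): the AES-based ANSI X9.31 generator, and the single-block state recovery it allows once K is known. The key, seed value and timestamp blocks are constructed stand-ins; real implementations feed a binary date/time value as T.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// x931 holds the ANSI X9.31 PRNG state: the block cipher under key K
// (hardcoded in the affected products) and the 128-bit state V.
type x931 struct {
	blk cipher.Block
	v   []byte
}

func xor(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

func encrypt(blk cipher.Block, in []byte) []byte {
	out := make([]byte, blk.BlockSize())
	blk.Encrypt(out, in)
	return out
}

// next returns one output block R for timestamp block T:
// I = E_K(T); R = E_K(I xor V); V' = E_K(R xor I).
func (g *x931) next(t []byte) []byte {
	i := encrypt(g.blk, t)
	r := encrypt(g.blk, xor(i, g.v))
	g.v = encrypt(g.blk, xor(r, i))
	return r
}

// recoverState is the weakness: V' depends only on R, I and K. With K
// known and T known or guessable, one observed R yields the new state.
func recoverState(blk cipher.Block, t, r []byte) []byte {
	return encrypt(blk, xor(r, encrypt(blk, t)))
}

// demo reports whether an observer holding K predicts the victim's next block.
func demo() bool {
	blk, _ := aes.NewCipher([]byte("CONSTRUCTED-KEY!")) // constructed 16-byte K
	victim := &x931{blk: blk, v: []byte("secret seed V...")} // constructed V
	t1, t2 := []byte("2017-10-23T12:00"), []byte("2017-10-23T12:01")
	r1 := victim.next(t1) // one block seen in cleartext, e.g. a handshake nonce
	attacker := &x931{blk: blk, v: recoverState(blk, t1, r1)}
	return bytes.Equal(attacker.next(t2), victim.next(t2))
}

func main() { fmt.Println("next output predicted:", demo()) }
```

The fix the text implies is simply that K must be a per-device secret; with an unknown K, recoverState cannot be computed from R and T alone.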

Source: ThreatPost