DUHK attack, continuing a week of named issues

Published: 2017-10-25
Last Updated: 2017-10-25 01:32:16 UTC
by Mark Hofman (Version: 1)
0 comment(s)

DUHK (Don't Use Hard-coded Keys) is an attack that exploits devices that use the ANSI X9.31 Random Number Generator and have a hard-coded key. Turns out that hard-coded crypto keys are not that uncommon in products. 

A device is susceptible to the attack if: 

  • It uses the X9.31 random number generator


  • The seed key used by the generator is hard-coded into the implementation


  • The output from the random number generator is directly used to generate cryptographic keys


  • At least some of the random numbers before or after those used to make the keys are transmitted unencrypted. This is typically the case for SSL/TLS and IPsec.

(from https://duhkattack.com/ ) 













The full list of susceptible devices is in the paper https://duhkattack.com/paper.pdf on page 7.  

Fortinet users make sure you are on firmware 5.x as a minimum as that changes the implementation to CTR_DRBG implementation rather than using ANSI X9.31 RNG. For other affected products the fix is generally "run the current version". 

Mark H - Shearwater


Keywords: DUHK encryption IPSEC
0 comment(s)


Diary Archives