DUHK ATTACK – MrHacker

DUHK ATTACK EXPOSES GAPS IN FIPS CERTIFICATION

Despite the obligatory logo and clever name, this week’s assault on crypto, the so-called DUHK attack (Don’t Use Hardcoded Keys), isn’t likely to be part of many threat models. Though the attack can be used to passively decrypt VPN and encrypted browser traffic, it relies on a host of implementation errors in admittedly ancient security appliances to […]

Oct 25, 2017

DUHK Attack allows Hackers to Recover Encryption Keys and Decrypt Communications Passing Over VPN

DUHK attack targets the old vulnerability that resides in the pseudorandom number generator called ANSI X9.31. It is an algorithm widely used to generate cryptographic keys that secure VPN connections and web browsing sessions. ANSI X9.31 PRNG is a pseudorandom number generator algorithm design that was incorporated into different structures cryptographic standards and listed as […]

root