DUHK Attack Letting Hackers to Recover Encryption Key: Dont Use Hard Coded Keys

DUHK (Don’t Use Hard-coded Keys) is a vulnerability that affects devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key. The ANSI X9.31 RNG is an algorithm that until recently was commonly used to generate cryptographic keys that secure VPN connections and web browsing sessions, preventing third parties from reading intercepted communications.

DUHK is the third crypto-related vulnerability reported this month after KRACK Wi-Fi attack and ROCA factorization attack.

The vulnerability affects products from dozens of vendors, including Fortinet, Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG — an outdated pseudorandom number generation algorithm — ‘in conjunction with a hard-coded seed key.’
Discovered by cryptography researchers — Shaanan Cohney, Nadia Heninger, and Matthew Green — DUHK, a ‘state recovery attack,’ allows man-in-the-middle attackers, who already know the seed value, to recover the current state value after observing some outputs.
Using both values in hand, attackers can then use them to re-calculate the encryption keys, allowing them to recover encrypted data that could ‘include sensitive business data, login credentials, credit card data and other confidential content.’

Who is vulnerable?

Traffic from any VPN using FortiOS 4.3.0 to FortiOS 4.3.18 can be decrypted by a passive network adversary who can observe the encrypted handshake traffic. Other key recovery attacks on different protocols may also be possible.

How to Prevent Against DUHK:

  • Developers of cryptographic software should stop using the X9.31 generator.
  • Regularly apply software updates.
  • Update your products to comply with the latest standards.
The DUHK attack is a historical failure of the federal standardization process for cryptography. The general vulnerability has been known for at least two decades, yet none of the descriptions of the algorithm we could find mentioned that the seed key should be unpredictable to the attacker.
This vulnerability should be viewed in the context of a multi-year line of research showing how subverted standards, parameter choices, subtle vulnerabilities, and implementation flaws might allow state-level actors to passively decrypt encrypted network traffic.
Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

Blind SQL Injection Tutorial to Hack a Website

In the previous article, we have the basics of SQL Injection; what SQLi is and what are the types of SQL injection. And, In...

What is SQL Injection? Tutorial: Type and Example

What is SQL injection, and what are the types of SQL injection? These are the common questions, and we will seek the answer to...

Are Cisco 300-410 Exam and Its Related Certification Your Pathway to Career Success? Find Out about This

Introduction Career success can mean different things to different people. For some, it could mean having a prestigious title and for others, it could be...

How to Hack Windows 10 Password Using FakeLogonScreen in Kali Linux

This article demonstrates an in-depth guide on how to hack Windows 10 Passwords using FakeLogonScreen. Hacking Windows 10 password is an exciting topic and...