How to prevent a SWEET32 attack
The Sweet32 attack is a cybersecurity vulnerability that exploits block cipher collisions. Attackers can use 64-bit block ciphers to compromise HTTPS connections.
Security Assessment
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What is the SWEET Attack?
The Sweet32 attack is based on a security weakness in the block ciphers used in cryptographic protocols. It is similar to the RC4 attacks in terms of computational complexity.
At the same time, block ciphers are used on many occasions. For example, OpenVPN has as the default cipher Blowfish. Almost all HTTPS web servers support the Triple-DES algorithm.
Best way to prevent SWEET32 attacks
To prevent SWEET32 attacks, you need to ensure your systems use only strong ciphers with large block sizes. This is because aA modern block cipher would rely on a higher number of blocks.
See Secure TLS Configuration for more information on configuring suitable cipher suites and minimizing the chance for block cipher collisions.
Want to verify the level of security of your web app or API? You can use the Crashtest Security SSL Vulnerability Scanner to discover vulnerabilities right away.