By Mohit Kumar
October 24, 2017
DUHK — Don’t Use Hard-coded Keys — is a new ‘non-trivial’ cryptographic implementation vulnerability that could allow attackers to recover encryption keys that secure VPN connections and web browsing sessions.
The vulnerability affects products from dozens of vendors, including Fortinet, Cisco, TechGuard, whose devices rely on ANSI X9.31 RNG — an outdated pseudorandom number generation algorithm — ‘in conjunction with a hard-coded seed key.’
Before getting removed from the list of FIPS-approved pseudorandom number generation algorithms in January 2016, ANSI X9.31 RNG was included into various cryptographic standards over the last three decades.
Pseudorandom number generators (PRNGs) don’t generate random numbers at all. Instead, it is a deterministic algorithm that produces a sequence of bits based on initial secret values called a seed and the current state. It always generates the same sequence of bits for when used with same initial values.
Some vendors store this ‘secret’ seed value hard-coded into the source code of their products, leaving it vulnerable to firmware reverse-engineering.
Discovered by cryptography researchers — Shaanan Cohney, Nadia Heninger, and Matthew Green — DUHK, a ‘state recovery attack,’ allows man-in-the-middle attackers, who already know the seed value, to recover the current state value after observing some outputs.