
Version 2 (modified by David Sommerseth, 6 years ago)


DUHK attack and OpenVPN

Background

On October 24, 2017, Shaanan Cohney, Nadia Heninger and Matthew D. Green released Practical state recovery attacks against legacy RNG implementations (PDF), which has become known as the DUHK attack: Don't Use Hard-coded Keys. It concerns in particular a Random Number Generator (RNG) algorithm known as the ANSI X9.31 RNG.

The ANSI X9.31 RNG has been deprecated as part of the FIPS specification as of January 2016, and its use is discouraged elsewhere as well.

How is OpenVPN affected?

OpenVPN is not affected by DUHK. All random number generation in OpenVPN is based upon the SSL/TLS libraries and, to our knowledge, neither OpenSSL nor mbed TLS depends on the ANSI X9.31 RNG algorithm. Further, OpenVPN does not use or deploy any hard-coded keys or seeds for the RNG. Both the OpenSSL and mbed TLS libraries also implement re-seeding of the RNG at regular intervals.