Vulnerable to SWEET32?

Is Syncthing really vulnerable or is this a false positive?

# nmap --script ssl-enum-ciphers -p 8384 localhost
|     warnings: 
|       64-bit block cipher 3DES vulnerable to SWEET32 attack

We certainly never ever agree to speak 3DES so from that error message I doubt it’s correct. But I don’t know much about that vulnerability and I’m at dinner so let me check it out tomorrow.

Actually, hold that. We might allow 3DES for the GUI, the place where we strictly lock down the crypto is for device to device connections.

Looking closer at it, it’s entirely possible that the GUI connection could be susceptible to this. We use the Go default TLS settings, which does include 3DES as one possible cipher. Reading about SWEET32:

We show that a network attacker who can monitor a long-lived Triple-DES HTTPS connection between a web browser and a website can recover secure HTTP cookies by capturing around 785 GB of traffic. In our proof-of-concept demo, this attack currently takes less than two days, using malicious Javascript to generate traffic. Keeping a web connection alive for two days may not seem very practical, but it worked easily in the lab.

I don’t think this is a practical attack against the GUI. It would need to be 3DES to begin with (which I would be surprised to see negotiated) and transfer 785 GB of traffic (which I would be surprised to see the GUI do, even if we do poll things now and then).

All in all, I don’t think it’s something to worry about. Although I would accept a PR to narrow down the cipher selection a little for the GUI port as well, while attempting to keep some sort of reasonable browser compatibility.

(None of this affects the sync connections, where it would be bad if we had this vulnerability.)

We assume that the attacker can control some JavaScript on a web page loaded by the user’s browser, either by actively tampering with an HTTP response on the wire, or by hosting a malicious website that the user is fooled into visiting.

So, requires MITM or phishing. With the Gui, if you can do one of those things you’ve already won: no need to use this attack.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.