{"id":4830,"date":"2017-10-24T18:05:02","date_gmt":"2017-10-24T22:05:02","guid":{"rendered":"http:\/\/community.mis.temple.edu\/mis5211sec001fall17\/?p=4830"},"modified":"2017-10-24T18:05:02","modified_gmt":"2017-10-24T22:05:02","slug":"hackers-recover-encryption-key-with-duhk","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/2017\/10\/24\/hackers-recover-encryption-key-with-duhk\/","title":{"rendered":"Hackers Recover Encryption Key With DUHK"},"content":{"rendered":"<p>Don&#8217;t use hard-coded keys (DUHK), a new cryptographic vulnerability that allows attackers to recover encryption keys from VPN sessions and web browsers, has been reported from KRACK Wi-Fi attack. The vulnerability affects vendor&#8217;s devices that rely on ANSI X9.31 RNG and &#8220;in conjunction with a hard-coded seed key.&#8221; ANSI x9.31 RNG is an algorithym that was commonly used to generate cryptographic keys in order to secure VPN connections and web browsers.<\/p>\n<p>The DUHK vulnerability could allow a &#8220;state recovery attack, allows man-in-the-middle attackers, who already know the seed value, to recover the current state value after observing some outputs.&#8221;<\/p>\n<p>https:\/\/duhkattack.com<\/p>\n<p>https:\/\/thehackernews.com\/2017\/10\/crack-prng-encryption-keys.html<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Don&#8217;t use hard-coded keys (DUHK), a new cryptographic vulnerability that allows attackers to recover encryption keys from VPN sessions and web browsers, has been reported from KRACK Wi-Fi attack. The vulnerability affects vendor&#8217;s devices that rely on ANSI X9.31 RNG and &#8220;in conjunction with a hard-coded seed key.&#8221; ANSI x9.31 RNG is an algorithym that [&hellip;]<\/p>\n","protected":false},"author":17287,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[722304],"tags":[],"class_list":{"0":"post-4830","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-week-08-it-services-quality","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4830","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/users\/17287"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/comments?post=4830"}],"version-history":[{"count":1,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4830\/revisions"}],"predecessor-version":[{"id":4831,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/posts\/4830\/revisions\/4831"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/media?parent=4830"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/categories?post=4830"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/mis5211sec001fall17\/wp-json\/wp\/v2\/tags?post=4830"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}