DUHK Crypto Attack Recovers Encryption Keys, Exposes VPN Connections, More

The issue at the heart of the DUHK attack is a combination of two main factors.

The first is the use of the ANSI X9.31 Random Number Generator (RNG), an algorithm that takes random data and generates the encryption keys used to secure VPN connections, browsing sessions, and other encrypted traffic and data.

The second factor needed for a DUHK attack is a hardware vendor using a hardcoded “seed key” for the ANSI X9.31 RNG algorithm. Normally, vendors should generate a random seed key at device startup or before launching the ANSI X9.31 algorithm. When a hardware or software product combines ANSI X9.31 with a hardcoded seed key, attackers can decrypt encrypted communications carried out through that device.

The DUHK attack was discovered by two researchers from the University of Pennsylvania and one researcher from Johns Hopkins University.

The research team says they reverse-engineered FortiGate firmware images and found the hard-coded seed key. They then observed traffic coming from the affected device and, using the seed key, brute-forced encrypted data to guess the rest of the encryption parameters. This, in turn, allowed them to determine the main encryption key.
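Why the seed key has to be random and secret, as an added example that is not from the article or the researchers: the update rule below is the standard X9.31 construction (which the article does not spell out), and it shows that the seed key is the only thing protecting the generator's future output. Assumptions: an HMAC-based function stands in for AES encryption, the key and timestamps are constructed sample values, and the observer already knows both timestamps.

```python
import hashlib
import hmac
import os

BLOCK = 16  # X9.31 works on one cipher block at a time

def E(key: bytes, block: bytes) -> bytes:
    # Stand-in for AES_K(block). Only the forward direction is used here,
    # so a keyed PRF truncated to one block is enough for the illustration.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def x931_step(key: bytes, state: bytes, timestamp: bytes):
    """One X9.31 iteration: returns (output block R, next state V')."""
    i = E(key, timestamp)          # I  = E_K(T)
    r = E(key, xor(i, state))      # R  = E_K(I xor V)
    return r, E(key, xor(r, i))    # V' = E_K(R xor I)

def predict_next_output(key: bytes, seen_output: bytes,
                        seen_ts: bytes, next_ts: bytes) -> bytes:
    """Compute the following output from one observed output block.

    The secret state V is never needed: V' depends only on K, T and R.
    """
    next_state = E(key, xor(seen_output, E(key, seen_ts)))
    return x931_step(key, next_state, next_ts)[0]

def prediction_succeeds(device_key: bytes, known_key: bytes) -> bool:
    """Run a device for two outputs and test an observer's prediction."""
    state = os.urandom(BLOCK)              # device's secret state V
    t1 = (1000).to_bytes(BLOCK, "big")     # constructed timestamps
    t2 = (1001).to_bytes(BLOCK, "big")
    r1, state = x931_step(device_key, state, t1)
    r2, _ = x931_step(device_key, state, t2)
    return predict_next_output(known_key, r1, t1, t2) == r2

# Constructed sample key, not taken from any firmware image.
HARDCODED_KEY = b"constructed-key!"

if __name__ == "__main__":
    # Key shared by every device and readable from firmware: predictable.
    print("hardcoded key:", prediction_succeeds(HARDCODED_KEY, HARDCODED_KEY))
    # Key generated randomly per device at startup: prediction fails.
    print("per-boot key: ", prediction_succeeds(os.urandom(BLOCK), HARDCODED_KEY))
```

The second case is the behaviour the article says vendors should implement: with a seed key generated at startup, knowledge of the firmware gives an observer nothing to compute the next state from.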
