[aklug] DUHK attack - Fortinet hard-coded RNG seed key

Royce Williams royce at tycho.org
Mon Oct 23 11:10:03 AKDT 2017

If you are running FortiOSv4, you should move to v5 as soon as feasible.

Summary page:

Blog post from Matthew Green (one of the authors):


Technical paper:

Killer quote:

*In order to demonstrate the practicality of this attack, we develop a full
passive decryption attack against FortiGate VPN gateway products using
FortiOS version 4. Private key recovery requires a few seconds of
computation. We measured the prevalence of this vulnerability on the
visible Internet using active scans and find that we are able to recover
the random number generator state for 21% of HTTPS hosts serving a default
Fortinet product certificate, and 97% of hosts with metadata identifying
FortiOSv4. We successfully demonstrate full private key recovery in the
wild against a subset of these hosts that accept IPsec connections    *

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.aklug.org/pipermail/aklug/attachments/20171023/f943f1fe/attachment.html>

More information about the aklug mailing list