Exchange Server gurus & encrypting emails
shochan
So, I found a vulnerability in our Exchange servers this week (I'm not part of the Exch team, so I'm not certain which svr version they are using) - because our S/MIME encrypting method is using 3DES - which was compromised by the Sweet32 attack.
https://sweet32.info/
CVE-2016-2183 : The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a bi
https://csrc.nist.gov/News/2017/Update-to-Current-Use-and-Deprecation-of-TDEA
I wondered why whoever set up this Exchange didn't go with AES encryption (possibly being Exch 2003), idk, that's why I wanted to inquire with the TE folks/gurus out there. What encryption methods are you using, if any... or possibly 3rd-party software?
Cheers and Hi5!
Comments
gespenstern
From what I remember from the Sweet32 description, it's very hard to exploit. Not only does it require MITM, it's unlikely that a typical email size would be enough. They typically talk about hundreds of gigabytes in a single session for which this single encryption key was used, which is by far much higher than a typical email size. I'd let it slide, no issues, if my memory serves me well and there's a reason for using 3DES in this case.