.. _sweet32:

Sweet32 attack (DES, 3DES)
==========================

.. warning::
    This resource is maintained for historical reference and **does not contain the latest vulnerability info for Python**.

    The `canonical database for vulnerabilities affecting Python <https://github.com/psf/advisory-database>`_ is available on GitHub
    in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the
    `Open Source Vulnerability Database <https://osv.dev/list?ecosystem=&q=CVE-2016-2183>`_.

Remove 3DES from ssl default cipher list.

Sweet32 vulnerability found by Karthik Bhargavan and Gaetan Leurent from
the `INRIA <https://www.inria.fr/>`_.

Dates:

* Disclosure date: **2016-08-24** (end of the Sweet32 embargo)
* Reported by: Karthik Bhargavan and Gaetan Leurent (Sweet32)

Fixed In
--------

* Python **2.7.13** (2016-12-17) fixed by `commit d988f42 (branch 2.7) <https://github.com/python/cpython/commit/d988f429fe43808345812ef63dfa8da170c61871>`_ (2016-09-06)
* Python **3.4.7** (2017-08-09) fixed by `commit fa53dbd (branch 3.4) <https://github.com/python/cpython/commit/fa53dbdec818b0f2a0e22ca12a49d83ec948fc91>`_ (2017-03-10)
* Python **3.5.3** (2017-01-16) fixed by `commit 03d13c0 (branch 3.5) <https://github.com/python/cpython/commit/03d13c0cbfe912eb0f9b9a02987b9e569f25fe19>`_ (2016-09-06)
* Python **3.6.0** (2016-12-22) fixed by `commit 03d13c0 (branch 3.5) <https://github.com/python/cpython/commit/03d13c0cbfe912eb0f9b9a02987b9e569f25fe19>`_ (2016-09-06)

Python issue
------------

Remove 3DES from cipher list (sweet32 CVE-2016-2183).

* Python issue: `bpo-27850 <https://bugs.python.org/issue27850>`_
* Creation date: 2016-08-24
* Reporter: Christian Heimes

CVE-2016-2183
-------------

The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.

* CVE ID: `CVE-2016-2183 <https://nvd.nist.gov/vuln/detail/CVE-2016-2183/>`_
* Published: 2016-09-01
* `CVSS Score <https://nvd.nist.gov/cvss.cfm>`_: 5.0

Timeline
--------

Timeline using the disclosure date **2016-08-24** as reference:

* 2016-08-24: Disclosure date (end of the Sweet32 embargo)
* 2016-08-24: `Python issue bpo-27850 <https://bugs.python.org/issue27850>`_ reported by Christian Heimes
* 2016-09-01 (**+8 days**): CVE-2016-2183 published
* 2016-09-06 (**+13 days**): `commit 03d13c0 (branch 3.5) <https://github.com/python/cpython/commit/03d13c0cbfe912eb0f9b9a02987b9e569f25fe19>`_
* 2016-09-06 (**+13 days**): `commit d988f42 (branch 2.7) <https://github.com/python/cpython/commit/d988f429fe43808345812ef63dfa8da170c61871>`_
* 2016-12-17 (**+115 days**): Python 2.7.13 released
* 2016-12-22: Python 3.6.0 released
* 2017-01-16 (**+145 days**): Python 3.5.3 released
* 2017-03-10 (**+198 days**): `commit fa53dbd (branch 3.4) <https://github.com/python/cpython/commit/fa53dbdec818b0f2a0e22ca12a49d83ec948fc91>`_
* 2017-08-09 (**+350 days**): Python 3.4.7 released

Links
-----

* https://sweet32.info/
* https://www.openssl.org/blog/blog/2016/08/24/sweet32/