Discovering ChaCha20 Keys and Salt in SSL/TLS Connections

We live in an imperfect digital world. Our mathematical equations for encryption may be near perfect, but the rest of the world is not quite as perfect. And so we have been probing for these weaknesses, and this week we’ve published — we think — the first paper to discover ChaCha20 keys and salt values in running memory [here].

Within the paper, we examine the process memory as it creates an SSL/TLS connection, and then scan it for random-looking values that fit the size of a key and for salt values. Within a second, we can pinpoint the place in memory where the key and salt are stored. If you have never heard of ChaCha20, then you should, as it is now extensively used in encrypted traffic streams. While AES is a block cipher, ChaCha20 is a faster stream cipher.

This paper follows up on previous work which managed to decrypt SSL traffic from live streams [here].

This is not the only weakness in encryption, and we have also been probing electrical power supplies for encryption keys.

Here is Dr Owen Lo demonstrating the cracking of the keys within 30 minutes, live.