Bouncy Castle keystore: How are files vulnerable to brute force?


Bouncy Castle is a collection of cryptographic APIs for Java and C#, but it was recently reported that some of the Bouncy Castle keystore files are vulnerable to hash collisions, which enable attackers to use brute force attacks to crack the cryptography behind C# and Java applications. How is this possible? What solutions has Bouncy Castle suggested?

Brute force cracking of the cryptography for C# and Java applications may be caused by a design flaw in the first version of the Bouncy Castle keystore (BKS) file format for encryption keys. The flaw is that the format improperly determines the size of the message authentication code (MAC) key used to protect the data inside the keystore, and the resulting key size is insufficient to prevent a hash collision attack against valid passwords.

The BKS hashed MAC uses the SHA-1 cryptographic hash function, whose output is 160 bits long. RFC 7292 on cryptographic algorithms specifies that the sizes of the MAC key and the hash function output must be the same. The first version of the Bouncy Castle keystore files fails to meet this requirement because its MAC key size is 16 bits instead of the required 160 bits.

With a 16-bit MAC key, a BKS file can have only 65,536 different keys, meaning an attacker could write a simple password-cracking script to brute force hash collisions. Furthermore, as computational power increases, attackers may find it easier to guess key values in seconds.

A CERT Coordination Center blogger at Carnegie Mellon University demonstrated how he created a brute force cracking tool with Python’s pyjks library and saved the script as a Python file. Upon execution, the script showed the password in plain view, and the maximum size of the Bouncy Castle keystore password was found to be 16 bits.

Bouncy Castle has suggested using BKS version 1.47 or newer, as the default MAC key size of a BKS keystore file was increased from 16 bits to 160 bits to protect the keystore from hash collision attacks.
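As an added example (not from the original article, the CERT post, or Bouncy Castle), the following audit script flags keystore files that are still in the first BKS format so they can be re-created with a newer version. It assumes the BKS header is a 4-byte big-endian version, a 4-byte salt length, the salt, and a 4-byte iteration count, a layout the article does not describe; `classify_bks` and `constructed_store` are hypothetical names, and the sample stores are constructed.

```python
import struct
import sys

SHA1_MAC_LEN = 20  # a BKS file ends with a 160-bit SHA-1 HMAC


def classify_bks(data: bytes) -> dict:
    """Read the assumed BKS header and report the MAC key size the article gives."""
    if len(data) < 12 + SHA1_MAC_LEN:
        return {"format": "unknown", "reason": "too short for header and MAC"}
    version, salt_len = struct.unpack_from(">II", data, 0)
    if version not in (1, 2):
        return {"format": "unknown", "reason": f"version field is {version}"}
    # Plausibility checks, so an unrelated file that happens to start with
    # 00 00 00 01 is not reported as a weak keystore.
    if not 0 < salt_len <= 1024 or len(data) < 12 + salt_len + SHA1_MAC_LEN:
        return {"format": "unknown", "reason": "implausible salt length"}
    (iterations,) = struct.unpack_from(">I", data, 8 + salt_len)
    if iterations == 0:
        return {"format": "unknown", "reason": "zero iteration count"}
    return {
        "format": "bks", "version": version,
        "salt_len": salt_len, "iterations": iterations,
        "mac_key_bits": 16 if version == 1 else 160,  # sizes as stated in the article
        "weak_mac": version == 1,
    }


def constructed_store(version: int) -> bytes:
    """Constructed sample: header, one placeholder body byte, zeroed MAC."""
    salt = bytes(range(20))
    return (struct.pack(">II", version, len(salt)) + salt
            + struct.pack(">I", 1024) + b"\x00" + bytes(SHA1_MAC_LEN))


if __name__ == "__main__":
    # Audit files named on the command line, else the constructed samples.
    blobs = {p: open(p, "rb").read() for p in sys.argv[1:]} or {
        "constructed-v1": constructed_store(1),
        "constructed-v2": constructed_store(2),
    }
    for name, blob in blobs.items():
        result = classify_bks(blob)
        status = "WEAK: 16-bit MAC key" if result.get("weak_mac") else result["format"]
        print(f"{name}: {status} {result}")
```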

Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
