SWEET32 - The end of Internet Explorer on Windows XP

SWEET32 - The end of IE on XP

Internet Explorer makes use of the SChannel implementation on the underlying OS. "Support" for Windows XP from Microsoft ended in April 2014, but this doesn't tell the whole story. What actually ended in April 2014 was Extended Support - the provision of security updates, and no more. The last major update to Windows XP was Service Pack 3, released in April 2008, and the last time any feature was added to Windows XP was April 2009 - over seven years ago. Much has changed on the Internet in that time, and Windows XP has finally lost an important battle with the release of the SWEET32 attack on Triple-DES encryption.

The SWEET32 attack is a similar attack to the one which rendered RC4 encryption obsolete. It takes advantage of the small 64-bit block size used by the cipher in order to perform a birthday attack. JavaScript embedded in a page can fire multiple requests at a server and, once around 785GB of data has been sent, it's possible to recover a session cookie. This attack will work against any server supporting Triple-DES encryption. This causes a major problem for Windows XP users.

Windows XP's SChannel implementation supports a number of different cipher suites. However, because no new cipher suites or protocols have been added since Windows XP was released in 2001, it's impossible to use the most secure cipher suites or protocol available to users of more modern browsers. TLS 1.2 fixes many security flaws which exist in TLS 1.0, which in turn fixes a very serious flaw in SSL 3.0. By default, Internet Explorer on Windows XP is installed with SSL 2.0 (a long since abandoned protocol) and SSL 3.0 enabled, and TLS 1.0 disabled. Most web sites turned off SSL 3.0 after the POODLE attack rendered it obsolete and insecure. As a result, most Windows XP users have switched on TLS 1.0 for Internet Explorer.

This has meant that they have been able to continue to browse the web using HTTPS for many years. TLS 1.0 is the oldest protocol available which is still thought to be secure when implemented correctly, and is the newest protocol available on Windows XP. However, this is only half the story - when an HTTPS connection is established, the protocol is used to initiate the connection, and then the cipher suite does the job of encrypting the information so that it can't be eavesdropped on or modified in transit. This is where SWEET32 has broken Internet Explorer on Windows XP.

The available cipher suites on Windows XP are: