Citrix has pushed back a little against the dangers posed to its users by the Sweet32 “birthday attack” against old ciphers.
The attack, published in late August, is a birthday attack against 64-bit ciphers like Blowfish and Triple DES.
That's prompted various vendors to get patching, but as Citrix explains in this blog post, deploying a Sweet32 attack in the real world is non-trivial.
“For a successful attack, a large amount of data has to be sent one-way during the session, and the session has to be encrypted using the same key. For 64-bit ciphers, it would take about 32GB of data in order to have a 50% probability of collision in any of the cipher blocks”, the post states.
Moreover: “since these protocols use different keys for each direction of the channel, the attacker can only utilise data from one side of the connection, and not both sides combined”.
Citrix says its recommendation is to disable the old 64-bit ciphers anyhow, and switch to AES-based encryption.
Patches for Sweet32 have already landed from OpenSSL (which has pushed weak ciphers out of its default configuration); and Mozilla, which is rate-limiting all ciphersuites. ®