Logjam (computer security): Difference between revisions

'''Logjam''' is a [[Vulnerability_(computing)|security vulnerability]] against [[export of cryptography from the United States|US export-grade]] 512-bit keys in [[Diffie–Hellman key exchange]]. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.<ref>{{cite web |url=https://weakdh.org |title=The Logjam Attack |website=weakdh.org |date=2015-05-20}}</ref><ref>{{cite web |url=http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ |title=HTTPS-crippling attack threatens tens of thousands of Web and mail servers |author=Dan Goodin |publisher=[[Ars Technica]] |date=2015-05-20}}</ref><ref>{{cite web |url=http://www.zdnet.com/article/logjam-security-flaw-leaves-tens-of-thousands-of-https-websites-vulnerable/ |title=Logjam security flaw leaves top HTTPS websites, mail servers vulnerable|author=Charlie Osborne |publisher=[[ZDNet]] |date=2015-05-20}}</ref>. The vulnerability allows a man-in-the-middle network attacker to downgrade a TLS connection to use export-grade cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the [[HTTPS]], [[SMTPS]], and [[IMAPS]] protocols, among others.<ref>D.{{cite web |last1=Adrian, K.|first1=David |last2=Bhargavan, Z.|first2=Karthikeyan |last3=Durumeric, P.|first3=Zakir |last4=Gaudry, M.|first4=Pierrick |last5=Green, J. A.|first5=Matthew |last6=Halderman, N|first6=J. Heninger,Alex D.|last7=Henninger |first7=Nadia |last8=Springall, E.|first8=Drew |last9=Thomé, L.|first9=Emmanuel |last10=Valenta, B.|first10=Luke |last11=VanderSloot, E.|first11=Benjamin |last12=Wustrow, S.|first12=Eric |last13=Zanella-Béguelin, P.|first13=Santiago |last14=Zimmermann |first14=Paul |title=Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice |url=https://weakdh.org/imperfect-forward-secrecy.pdf |date=May 2015}}</ref>