Content deleted Content added
No edit summary |
typo in author name |
||
Line 1:
'''Logjam''' is a [[Vulnerability (computing)|security vulnerability]] against [[export of cryptography from the United States|US export-grade]] 512-bit keys in [[Diffie–Hellman key exchange]]. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.<ref>{{cite web |url=https://weakdh.org |title=The Logjam Attack |website=weakdh.org |date=2015-05-20}}</ref><ref>{{cite web |url=http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ |title=HTTPS-crippling attack threatens tens of thousands of Web and mail servers |author=Dan Goodin |publisher=[[Ars Technica]] |date=2015-05-20}}</ref><ref>{{cite web |url=http://www.zdnet.com/article/logjam-security-flaw-leaves-tens-of-thousands-of-https-websites-vulnerable/ |title=Logjam security flaw leaves top HTTPS websites, mail servers vulnerable|author=Charlie Osborne |publisher=[[ZDNet]] |date=2015-05-20}}</ref><ref>http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565</ref> The vulnerability allows a man-in-the-middle network attacker to downgrade a TLS connection to use export-grade cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the [[HTTPS]], [[SMTPS]], and [[IMAPS]] protocols, among others.<ref>{{cite web |last1=Adrian |first1=David |last2=Bhargavan |first2=Karthikeyan |last3=Durumeric |first3=Zakir |last4=Gaudry |first4=Pierrick |last5=Green |first5=Matthew |last6=Halderman |first6=J. Alex |last7=
== See also ==
| |||