Content deleted Content added
1024 update |
correct date for Adrian et al paper |
||
Line 1:
'''Logjam''' is a [[Vulnerability (computing)|security vulnerability]] against a [[Diffie–Hellman key exchange]] ranging from 512-bit ([[export of cryptography from the United States|US export-grade]]) to 1024-bit keys.<ref name="paper">{{cite web |url=https://weakdh.org |title=The Logjam Attack |website=weakdh.org |date=2015-05-20}}</ref> It was discovered by a group of computer scientists and publicly reported on May 20, 2015.<ref>{{cite web |url=http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ |title=HTTPS-crippling attack threatens tens of thousands of Web and mail servers |author=Dan Goodin |publisher=[[Ars Technica]] |date=2015-05-20}}</ref><ref>{{cite web |url=http://www.zdnet.com/article/logjam-security-flaw-leaves-tens-of-thousands-of-https-websites-vulnerable/ |title=Logjam security flaw leaves top HTTPS websites, mail servers vulnerable|author=Charlie Osborne |publisher=[[ZDNet]] |date=2015-05-20}}</ref><ref>http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565</ref>
The version of the vulnerability reported in May 2015 used a man-in-the-middle network attacker to downgrade a [[Transport Layer Security]] (TLS) connection to use 512 bit DH export-grade cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the [[HTTPS]], [[SMTPS]], and [[IMAPS]] protocols, among others.<ref>{{cite web |last1=Adrian |first1=David |last2=Bhargavan |first2=Karthikeyan |last3=Durumeric |first3=Zakir |last4=Gaudry |first4=Pierrick |last5=Green |first5=Matthew |last6=Halderman |first6=J. Alex |last7=Heninger |first7=Nadia |last8=Springall |first8=Drew |last9=Thomé |first9=Emmanuel |last10=Valenta |first10=Luke |last11=VanderSloot |first11=Benjamin |last12=Wustrow |first12=Eric |last13=Zanella-Béguelin |first13=Santiago |last14=Zimmermann |first14=Paul |title=Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice |url=https://weakdh.org/imperfect-forward-secrecy.pdf |date=
In October 2015, researched published another paper, estimating the feasibility of the attack against 1024 bit Diffie-Hellman primes. By design, many Diffie-Hellman implementations use the same pregenerated prime for their field. This was considered secure, since the [[discrete log problem]] is still consider hard even if the field is known and reused. The researchers calculated the cost of creating logjam precomputation for one 1024-bit prime at hundreds of millions of USD, and noted that this was well within range of the FY2012 $10.5 billion U.S. Consolidated Cryptologic Program (which includes NSA). Because of the reuse of primes, generating precomputation for just one prime would break two-thirds of VPNs and a quarter of all SSH servers globally. The researchers noted that this attack fits claims in leaked NSA papers that NSA is able to break much current crypto.<ref name="paper" />
| |||