Logjam (computer security): Difference between revisions

correct date for Adrian et al paper
Wikilink
The version of the vulnerability reported in May 2015 used a man-in-the-middle network attacker to downgrade a [[Transport Layer Security]] (TLS) connection to use 512-bit DH export-grade cryptography, allowing the attacker to read the exchanged data and inject data into the connection. It affects the [[HTTPS]], [[SMTPS]], and [[IMAPS]] protocols, among others.<ref>{{cite web |last1=Adrian |first1=David |last2=Bhargavan |first2=Karthikeyan |last3=Durumeric |first3=Zakir |last4=Gaudry |first4=Pierrick |last5=Green |first5=Matthew |last6=Halderman |first6=J. Alex |last7=Heninger |first7=Nadia |last8=Springall |first8=Drew |last9=Thomé |first9=Emmanuel |last10=Valenta |first10=Luke |last11=VanderSloot |first11=Benjamin |last12=Wustrow |first12=Eric |last13=Zanella-Béguelin |first13=Santiago |last14=Zimmermann |first14=Paul |title=Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice |url=https://weakdh.org/imperfect-forward-secrecy.pdf |date=October 2015}}</ref> Its CVE ID is CVE-2015-4000.<ref>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000</ref>
 
In October 2015, the researchers published another paper, estimating the feasibility of the attack against 1024-bit Diffie–Hellman primes. By design, many Diffie–Hellman implementations use the same pregenerated prime for their field. This was considered secure, since the [[discrete log problem]] is still considered hard even if the field is known and reused. The researchers calculated the cost of creating the Logjam precomputation for one 1024-bit prime at hundreds of millions of USD, and noted that this was well within the range of the FY2012 $10.5 billion U.S. Consolidated Cryptologic Program (which includes the NSA). Because of the reuse of primes, generating the precomputation for just one prime would break two-thirds of VPNs and a quarter of all SSH servers globally. The researchers noted that this attack fits claims in leaked NSA papers that the NSA is able to break much current cryptography.<ref name="paper" />
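The mitigation that the browser vendors shipped (see the Responses section) was to refuse DHE key exchanges whose group is too small. The following Python is an added example, not code from the article or from any of the cited vendors: it parses the ServerDHParams structure that a TLS 1.2 ServerKeyExchange carries (the `opaque dh_p, dh_g, dh_Ys` layout from RFC 5246, section 7.4.3) and rejects groups below a configurable minimum. The `MIN_DH_BITS` value and the sample parameter values are assumptions constructed for the demonstration; the sample moduli have the right bit length but are not real primes.

```python
"""Check the Diffie-Hellman group size advertised in a TLS 1.2 ServerKeyExchange.

Added example (not from the Wikipedia article or any vendor's code): a
defender-side check that parses ServerDHParams (RFC 5246, section 7.4.3) from
a ServerKeyExchange body and flags groups shorter than a configured minimum,
the mitigation browsers shipped in response to Logjam.
"""
import struct

# Minimum dh_p size we accept (assumption for this example). 1024 bits is what
# browsers enforced after Logjam; 2048 bits is what the paper's authors recommend.
MIN_DH_BITS = 2048


def parse_server_dh_params(body: bytes):
    """Parse ServerDHParams = <dh_p, dh_g, dh_Ys>, each an opaque<1..2^16-1>.

    Returns (p, g, Ys, bytes_consumed) with the values as integers.
    Raises ValueError on truncated or malformed input.
    """
    offset = 0
    values = []
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before length of {name}")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad length {length} for {name}")
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    p, g, ys = values
    return p, g, ys, offset


def dh_group_bits(p: int) -> int:
    """Effective size of the modulus in bits (leading zero bytes do not count)."""
    return p.bit_length()


def check_server_key_exchange(body: bytes, min_bits: int = MIN_DH_BITS) -> dict:
    """Return a verdict for a ServerKeyExchange body carrying DHE parameters.

    The size check is the Logjam mitigation; the range checks on dh_g and dh_Ys
    are the basic sanity checks a client should apply to any received group.
    """
    p, g, ys, _ = parse_server_dh_params(body)
    bits = dh_group_bits(p)
    problems = []
    if bits < min_bits:
        problems.append(f"dh_p is {bits} bits, below the {min_bits}-bit minimum")
    if not (1 < ys < p - 1):
        problems.append("dh_Ys is not in the range 2..p-2")
    if g < 2:
        problems.append("dh_g is smaller than 2")
    return {"p_bits": bits, "accept": not problems, "problems": problems}


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build a ServerDHParams body; used here only to construct sample input."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample inputs: the moduli have the stated bit length but are
# placeholders, not real primes. A production check would also pin the group
# to a known-good set rather than trusting an arbitrary server-chosen prime.
EXPORT_GRADE_512 = encode_server_dh_params((1 << 511) | 0x1F, 2, (1 << 400) | 3)
STRONG_2048 = encode_server_dh_params((1 << 2047) | 0x1F, 2, (1 << 1000) | 3)

if __name__ == "__main__":
    for label, body in (("512-bit export-grade group", EXPORT_GRADE_512),
                        ("2048-bit group", STRONG_2048)):
        print(label, check_server_key_exchange(body))
```

Run as a script, the 512-bit sample is rejected with a message naming its size and the 2048-bit sample is accepted. Lowering `min_bits` to 512 makes the check accept the export-grade group, which is the pre-patch behaviour the downgrade attack relied on.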
 
== Responses ==
 
* On May 12, 2015, Microsoft released a patch for [[Internet Explorer]].<ref>
{{cite web
| url=https://technet.microsoft.com/en-us/library/security/ms15-055.aspx
}}
</ref>
* On September 1, 2015, Google released a fix for the [[Google Chrome|Chrome]] browser.<ref>
{{cite web
| url=http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html