Logjam (computer security)

'''Logjam''' is a [[Vulnerability (computing)|security vulnerability]] against [[Diffie–Hellman key exchange]] as used with prime moduli ranging from 512 bits ([[export of cryptography from the United States|US export-grade]]) to 1024 bits.<ref name="paper">{{cite web |url=https://weakdh.org |title=The Logjam Attack |website=weakdh.org |date=2015-05-20}}</ref> It was discovered by a group of computer scientists and publicly reported on May 20, 2015.<ref>{{cite web |url=http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ |title=HTTPS-crippling attack threatens tens of thousands of Web and mail servers |author=Dan Goodin |publisher=[[Ars Technica]] |date=2015-05-20}}</ref><ref>{{cite web |url=http://www.zdnet.com/article/logjam-security-flaw-leaves-tens-of-thousands-of-https-websites-vulnerable/ |title=Logjam security flaw leaves top HTTPS websites, mail servers vulnerable |author=Charlie Osborne |publisher=[[ZDNet]] |date=2015-05-20}}</ref><ref>{{cite web |url=http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565 |title=New Computer Bug Exposes Broad Security Flaws |publisher=[[The Wall Street Journal]]}}</ref>
 
Diffie–Hellman key exchange depends for its security on the presumed difficulty of solving the [[discrete logarithm problem]]. The authors took advantage of the fact that the [[number field sieve]] algorithm, which is generally the most effective method for finding discrete logarithms in prime fields of this size, consists of four large computational steps, of which the first three depend only on the prime ''p'' that defines the group, not on the specific element whose discrete logarithm is desired. If the results of the first three steps are [[precomputed]] and saved, they can be used to solve any discrete logarithm problem for that prime in a relatively short time, so the cost of the precomputation is amortized over every key exchange that uses the same prime. It turns out that much Internet traffic uses only one of a handful of groups whose primes are 1024 bits or less.
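The precompute-once, solve-many structure described above, as an added illustration that is not from the Logjam paper: the paper's attack uses the number field sieve, which is far too large to show here, so this example uses the baby-step giant-step algorithm instead, because at toy sizes it has the same shape. The baby-step table in <code>precompute_group</code> depends only on the group (''p'', ''g''), and <code>individual_log</code> then solves each target with only the cheap giant-step walk against that table. The prime 1000003, the generator 2 and the two "session" exponents are constructed values; real Logjam groups are 512 to 1024 bits.

```python
"""Discrete logarithms with the group-dependent work split out (added example).

Baby-step giant-step stands in for the number field sieve: the expensive
table depends only on (p, g) and is reused for every target in that group,
mirroring how the first three NFS stages depend only on the prime.
"""
import math


def precompute_group(p, g):
    """Stage 1: work that depends only on the group (p, g), not on any target.

    Builds the baby-step table g^j mod p for 0 <= j < m, with m chosen so that
    m*m exceeds p - 2 and every exponent 0..p-2 can be written as i*m + j.
    Also stores g^-m mod p, the step used by the giant-step walk.
    """
    m = math.isqrt(p - 2) + 1
    baby = {}
    acc = 1
    for j in range(m):
        baby.setdefault(acc, j)          # keep the smallest exponent per value
        acc = acc * g % p
    giant_factor = pow(g, -m, p)         # modular inverse of g^m (Python 3.8+)
    return {"p": p, "g": g, "m": m, "baby": baby, "giant_factor": giant_factor}


def individual_log(table, y):
    """Stage 2: per-target descent.  Finds x with g^x = y (mod p) using only the
    precomputed table; at most m multiplications instead of m*m."""
    p, m = table["p"], table["m"]
    gamma = y % p
    for i in range(m):
        j = table["baby"].get(gamma)
        if j is not None:
            return i * m + j
        gamma = gamma * table["giant_factor"] % p
    raise ValueError("y is not in the subgroup generated by g")


def demo():
    """Two constructed DH sessions in the same group: one precomputation,
    two cheap individual logarithms.  Returns the recovered exponents."""
    p, g = 1000003, 2                    # constructed toy group
    table = precompute_group(p, g)       # paid once per prime
    session_secrets = [123456, 777777]   # constructed: each side's DH exponent
    recovered = []
    for x in session_secrets:
        y = pow(g, x, p)                 # the public value visible on the wire
        x_found = individual_log(table, y)
        assert pow(g, x_found, p) == y
        recovered.append(x_found)
    return recovered


if __name__ == "__main__":
    print(demo())
```

The recovered exponent equals the original whenever ''g'' generates the whole group; in general it is the smallest exponent that produces the same public value, which is all an attacker needs to derive the shared secret.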
 
One vulnerability demonstrated by the authors uses a [[man-in-the-middle attack|man-in-the-middle]] network attacker to downgrade a [[Transport Layer Security]] (TLS) connection to 512-bit DH [[export of cryptography|export-grade]] cryptography, allowing the attacker to read the exchanged data and inject data into the connection. The downgrade works because the server's signature on its key-exchange message covers only the handshake nonces and the Diffie–Hellman parameters, not the cipher suite, so a client that requested a strong DHE suite cannot tell that it has been handed export-grade parameters. It affects the [[HTTPS]], [[SMTPS]], and [[IMAPS]] protocols, among others. The authors needed several thousand CPU cores for a week to precompute data for a single 512-bit prime. Once that was done, however, individual logarithms could be solved in about a minute using two 18-core Intel Xeon CPUs.<ref>{{cite web |last1=Adrian |first1=David |last2=Bhargavan |first2=Karthikeyan |last3=Durumeric |first3=Zakir |last4=Gaudry |first4=Pierrick |last5=Green |first5=Matthew |last6=Halderman |first6=J. Alex |last7=Heninger |first7=Nadia |last8=Springall |first8=Drew |last9=Thomé |first9=Emmanuel |last10=Valenta |first10=Luke |last11=VanderSloot |first11=Benjamin |last12=Wustrow |first12=Eric |last13=Zanella-Béguelin |first13=Santiago |last14=Zimmermann |first14=Paul |title=Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice |url=https://weakdh.org/imperfect-forward-secrecy.pdf |date=October 2015}}</ref> Its CVE ID is CVE-2015-4000.<ref>{{cite web |url=https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000 |title=CVE-2015-4000 |website=cve.mitre.org}}</ref>
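The downgrade exchange described above, modelled as an added example that is not code from the Logjam authors: the attacker rewrites the ClientHello to offer only the export suite, and then relabels the ServerHello so the client believes its strong suite was chosen. The server's key-exchange signature still verifies because, as in TLS 1.2, it covers only the two nonces and the DH parameters. The same client with a minimum DH prime size rejects the handshake. Assumptions are labelled in the code: an HMAC under a server-only key stands in for the server's RSA signature, the "primes" are placeholder odd numbers whose only relevant property is their bit length, the server exponent and nonces are constructed, and the later Finished-message and master-secret steps of the handshake are omitted.

```python
"""Logjam-style cipher-suite downgrade, modelled end to end (added example).

The model keeps the one property that matters: the signed portion of the
ServerKeyExchange is client_random || server_random || ServerDHParams and
does not include the cipher suite, so a relabelled ServerHello goes unnoticed
by a client that checks only the signature.
"""
import hashlib
import hmac

# Constructed stand-in for the server's RSA signing key.  A real client
# verifies with the certificate's public key; HMAC keeps the example short.
SERVER_SIGNING_KEY = b"constructed-server-signing-key"

STRONG_SUITE = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"       # real suite name
EXPORT_SUITE = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"     # real suite name


def placeholder_prime(bits):
    """Constructed odd number of the requested size standing in for a DH
    prime; only its bit length matters for this demonstration."""
    return (1 << (bits - 1)) | 1


def encode_dh(p, g, ys):
    """Serialise ServerDHParams (p, g, Ys) as big-endian byte strings."""
    return b"".join(n.to_bytes((n.bit_length() + 7) // 8, "big") for n in (p, g, ys))


def server_key_exchange(suite, client_random, server_random):
    """Server side: chooses DH parameters by suite and signs them.
    The signature covers the nonces and the DH parameters only."""
    bits = 512 if suite == EXPORT_SUITE else 2048
    p, g = placeholder_prime(bits), 2
    ys = pow(g, 12345, p)                      # constructed server exponent
    signed = client_random + server_random + encode_dh(p, g, ys)
    sig = hmac.new(SERVER_SIGNING_KEY, signed, hashlib.sha256).digest()
    return {"suite": suite, "p": p, "g": g, "ys": ys, "sig": sig}


def client_verify(msg, client_random, server_random, requested_suite, min_dh_bits=None):
    """Client side.  Returns (accepted, reason).  With min_dh_bits=None this is
    the pre-Logjam behaviour: verify the signature, check the (unsigned) suite
    label, accept whatever prime size arrives."""
    signed = client_random + server_random + encode_dh(msg["p"], msg["g"], msg["ys"])
    expected = hmac.new(SERVER_SIGNING_KEY, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["sig"]):
        return False, "bad ServerKeyExchange signature"
    if msg["suite"] != requested_suite:
        return False, "server chose a suite we did not offer"
    if min_dh_bits is not None and msg["p"].bit_length() < min_dh_bits:
        return False, f"DH prime is only {msg['p'].bit_length()} bits"
    return True, "accepted"


def mitm_downgrade(client_random, server_random):
    """Attacker: forwards a ClientHello offering only the export suite, then
    relabels the ServerHello as the strong suite the client actually asked
    for.  The signed DH parameters are forwarded untouched."""
    server_msg = server_key_exchange(EXPORT_SUITE, client_random, server_random)
    forwarded = dict(server_msg)
    forwarded["suite"] = STRONG_SUITE              # unsigned field, freely rewritten
    return forwarded


def run_downgrade(min_dh_bits=None):
    """Drive one attacked handshake and return the client's verdict."""
    cr, sr = bytes(range(32)), bytes(range(32, 64))   # constructed nonces
    return client_verify(mitm_downgrade(cr, sr), cr, sr, STRONG_SUITE, min_dh_bits)


if __name__ == "__main__":
    print("legacy client:", run_downgrade())
    print("client with 1024-bit floor:", run_downgrade(min_dh_bits=1024))
```

The legacy client accepts the 512-bit parameters while believing it negotiated the strong suite; the client enforcing a minimum prime size refuses them, which is the same check browsers added after the disclosure.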