Revision as of 14:04, 31 January 2016 edit Mr. Stradivarius (talk \| contribs) Edit filter managers, Administrators 59,230 edits m sp Tag: Visual edit ← Previous edit		Revision as of 10:49, 13 June 2016 edit undo Widefox (talk \| contribs) Autopatrolled, Extended confirmed users, Page movers, IP block exemptions, New page reviewers, Pending changes reviewers, Rollbackers 110,679 edits separate lead, fix XML parse, ref cols, destub, link Next edit →
Line 1: '''Logjam''' is a [[Vulnerability (computing)\|security vulnerability]] against a [[Diffie–Hellman key exchange]] ranging from 512-bit ([[export of cryptography from the United States\|US export-grade]]) to 1024-bit keys.<ref name="paper">{{cite web \|url=https://weakdh.org \|title=The Logjam Attack \|website=weakdh.org \|date=2015-05-20}}</ref> It was discovered by a group of computer scientists and publicly reported on May 20, 2015.<ref>{{cite web \|url=http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/ \|title=HTTPS-crippling attack threatens tens of thousands of Web and mail servers \|author=Dan Goodin \|publisher=[[Ars Technica]] \|date=2015-05-20}}</ref><ref>{{cite web \|url=http://www.zdnet.com/article/logjam-security-flaw-leaves-tens-of-thousands-of-https-websites-vulnerable/ \|title=Logjam security flaw leaves top HTTPS websites, mail servers vulnerable\|author=Charlie Osborne \|publisher=[[ZDNet]] \|date=2015-05-20}}</ref><ref>http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565</ref> ==Details== Diffie–Hellman key exchange depends for its security on the presumed difficulty of solving the [[discrete logarithm problem]]. The authors took advantage of the fact that the [[number field sieve]] algorithm, which is generally the most effective method for finding discrete logarithms, consists of four large computational steps, of which the first three depend only on the order of the group G, not on the specific number whose finite log is desired. If the results of the first three steps are [[precomputed]] and saved, they can be used to solve any discrete log problem for that prime group in relatively short time. It turns out that much Internet traffic only uses one of a handful of groups that are of order 1024-bits or less. One vulnerability demonstrated by the authors was using a [[man-in-the-middle attack\|man-in-the-middle network attacker]] to downgrade a [[Transport Layer Security]] (TLS) connection to use 512 bit DH [[export of cryptography\|export-grade]] cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the [[HTTPS]], [[SMTPS]], and [[IMAPS]] protocols, among others. The authors needed several thousand [[CPU]] cores for a week to precompute data for a single 512-bit prime. Once that was done, however, individual logarithms could be solved in about a minute using two 18-core [[Intel Xeon]] CPUs.<ref>{{cite web \|last1=Adrian \|first1=David \|last2=Bhargavan \|first2=Karthikeyan \|last3=Durumeric \|first3=Zakir \|last4=Gaudry \|first4=Pierrick \|last5=Green \|first5=Matthew \|last6=Halderman \|first6=J. Alex \|last7=Heninger \|first7=Nadia \|last8=Springall \|first8=Drew \|last9=Thomé \|first9=Emmanuel \|last10=Valenta \|first10=Luke \|last11=VanderSloot \|first11=Benjamin \|last12=Wustrow \|first12=Eric \|last13=Zanella-Béguelin \|first13=Santiago \|last14=Zimmermann \|first14=Paul \|title=Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice \|url=https://weakdh.org/imperfect-forward-secrecy.pdf \|date=October 2015}}</ref> Its CVE ID is CVE-2015-4000.<ref name = "CVE-2015-4000">{{cite web \| title = CVE-2015-4000 \| publisher = The MITRE Corporation \| work = Common Vulnerabilities and Exposures List \| date = 2015-05-15 \| url = https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000 }} <br/> "The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the 'Logjam' issue." </ref> Line 15 ⟶ 16: == Responses == * On May 12, 2015, Microsoft released a patch for [[Internet Explorer]].<ref> {{cite web Line 24: \| quote=This security update resolves a vulnerability in Microsoft Windows that facilitates exploitation of the publicly disclosed Logjam technique, [...] The security update addresses the vulnerability by increasing the minimum allowable DHE key length to 1024 bits. }}</ref> * On June 16, 2015, the [[Tor Project]] provided a patch for Logjam to the [[Tor Browser]].<ref>https://blog.torproject.org/blog/tor-browser-452-released</ref> * On June 30, 2015, [[Apple Inc.\|Apple]] released a patch for both [[OS X Yosemite]] and [[iOS 8]] operating system.<ref> {{cite web Line 64: == References == {{reflist\|40em}} ==External links== Line 77: [[Category:2015 in computer science]] [[Category:Transport Layer Security]] ~~{{crypto-stub}}~~ ~~{{internet-stub}}~~

Logjam (computer security): Difference between revisions