Logjam (computer security): Difference between revisions

FrescoBot (talk | contribs)
m Bot: removing misplaced special no-break space character and minor changes
Line 14:
 
The authors also estimated the feasibility of the attack against 1024-bit Diffie–Hellman primes. By design, many Diffie–Hellman implementations use the same pregenerated [[prime number|prime]] for their field. This was considered secure, since the [[discrete log problem]] is still considered hard for big-enough primes even if the group is known and reused. The researchers calculated the cost of creating the Logjam precomputation for one 1024-bit prime at hundreds of millions of USD, and noted that this was well within range of the FY2012 $10.5 billion [[U.S. Consolidated Cryptologic Program]] (which includes [[NSA]]). Because of the reuse of primes, generating precomputation for just one prime would break two-thirds of [[VPN]]s and a quarter of all [[Secure Shell|SSH]] servers globally. The researchers noted that this attack fits claims in leaked NSA papers that the NSA is able to break much current cryptography. As a defense, they recommend using primes of 2048 bits or more, or switching to [[Elliptic-curve Diffie–Hellman]] (ECDH).<ref name="paper" />
 
== Test Tools ==
 
* [[Transport Layer Security|TLS]]-based services such as web servers offering [[HTTPS]] can be checked for the vulnerability using scanners such as [https://github.com/nabla-c0d3/sslyze SSLyze] or the [https://ssllabs.com/ssltest/ Qualys SSL server test].
* [[SSH]] servers can be tested using the [https://github.com/GDSSecurity/SSH-Weak-DH SSH-Weak-DH tool].
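
The 2048-bit recommendation above can also be checked on the server side. The following is an added example, not part of the article or of any of the tools listed: it audits a list of Diffie–Hellman groups in the seven-field OpenSSH moduli file layout and drops every group below 2048 bits. The names <code>audit_moduli</code>, <code>_toy_modulus</code> and <code>SAMPLE_MODULI</code> are hypothetical, and the sample moduli are constructed placeholders of the right length, not real primes.

```python
# Added example: audit OpenSSH-style moduli lines for Diffie-Hellman group size.
# Fields per line: time type tests tries size generator modulus(hex).
MIN_BITS = 2048  # floor recommended by the Logjam researchers

def _toy_modulus(bits):
    # Constructed placeholder, NOT a real safe prime: only its bit length matters here.
    return format((1 << (bits - 1)) | 1, "X")

# Constructed sample input (assumption: not taken from any real server).
SAMPLE_MODULI = "\n".join([
    "# Time Type Tests Tries Size Generator Modulus (constructed sample)",
    f"20240101000000 2 6 100 1023 2 {_toy_modulus(1024)}",
    f"20240101000000 2 6 100 1535 2 {_toy_modulus(1536)}",
    f"20240101000000 2 6 100 2047 5 {_toy_modulus(2048)}",
    f"20240101000000 2 6 100 4095 2 {_toy_modulus(4096)}",
    "truncated line with too few fields",
])

def audit_moduli(text, min_bits=MIN_BITS):
    """Return (kept_lines, rejected), rejected being a list of (line_no, reason)."""
    kept, rejected = [], []
    for no, line in enumerate(text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank lines and comments carry no group
        fields = stripped.split()
        if len(fields) != 7:
            rejected.append((no, "malformed"))
            continue
        try:
            # Measure the modulus itself: moduli files commonly record the Size
            # field as bit length minus one (e.g. 2047), and it could be mislabeled.
            bits = int(fields[6], 16).bit_length()
        except ValueError:
            rejected.append((no, "malformed"))
            continue
        if bits < min_bits:
            rejected.append((no, f"{bits}-bit group below {min_bits}"))
        else:
            kept.append(stripped)
    return kept, rejected

if __name__ == "__main__":
    kept, rejected = audit_moduli(SAMPLE_MODULI)
    for no, reason in rejected:
        print(f"line {no}: drop ({reason})")
    print(f"{len(kept)} groups kept")
```

Writing the kept lines back as the server's moduli file leaves only groups of 2048 bits or more available for group exchange.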
 
== Responses ==