The Logjam Attack – ANOTHER Critical TLS Weakness
Published 2015-05-21 (modified 2015-09-09) – https://www.darknet.org.uk/2015/05/the-logjam-attack-another-critical-tls-weakness/

So it seems SSL/TLS has not been having a good time lately; alongside Heartbleed and POODLE we now have the Logjam attack.

It’s somewhat similar to the FREAK attack earlier this year, but FREAK attacked the RSA key exchange and was due to an implementation vulnerability, whereas Logjam attacks the Diffie-Hellman key exchange and is due to a flaw in the TLS protocol itself.


The Logjam attack allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This allows the attacker to read and modify any data passed over the connection. The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable.

Source – weakdh.org

The full technical report is here: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice [PDF]

Who is affected?

Websites, mail servers, and other TLS-dependent services that support DHE_EXPORT ciphers are at risk for the Logjam attack. Websites that use one of a few commonly shared 1024-bit Diffie-Hellman groups may be susceptible to passive eavesdropping from an attacker with nation-state resources.

Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve (the most efficient algorithm for breaking a Diffie-Hellman connection) is dependent only on this prime. After this first step, an attacker can quickly break individual connections.

The researchers estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.