Logjam TLS attack hits servers, browsers

May 20, 2015 | 11:24

Tags: #diffie-hellman #insecurity #privacy #security #ssl #tls #transport-layer-security #vulnerability

Companies: #freak #logjam #nsa

A new attack against Transport Layer Security (TLS), dubbed Logjam, has been discovered, allowing most common web browsers to be tricked into downgrading the strength of their cryptography.

Discovered and publicised by researchers at Inria Nancy-Grand Est, Inria Paris-Rocquencourt, Microsoft Research, Johns Hopkins University, University of Michigan, and the University of Pennsylvania, Logjam targets the Diffie-Hellman key exchange algorithm, used to agree on a shared key and negotiate the type and strength of cryptography used in a given TLS-secured connection. This algorithm, the researchers have proven, is vulnerable to exploitation by a man-in-the-middle (MITM) attacker allowing for the security of the connection to be considerably downgraded in a similar manner to the earlier Freak attack. Once downgraded, it is trivial for the attacker to break the encryption and read - or modify - the data being transferred.

The researchers claim that, due to the use of the same initial prime in most common Diffie-Hellman implementations, around 80 per cent of vulnerable servers can be downgraded to 512-bit cryptography - well below the 768-bit and 1,024-bit levels at which academics and state actors can break cryptography. If the two most common primes are factored, the team estimates somewhere in the region of 18 per cent of web sites, 66 per cent of VPN servers, and 26 per cent of SSH servers would be affected. The team further claims this has already been done, stating that 'a close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break.'

The Logjam flaw affects around 8.4 of the top million websites, 3.4 14.8 per cent of SMTP servers, 8.9 per cent of POP3 mail servers, and 8.4 per cent of IMAP mail servers, the team has found. Should an attacker, such as the NSA, have already factored the most common 1,024-bit prime used by the Diffie-Hellman implementations, that would extend to 17.9 per cent of the top million websites, 25.7 per cent of SSH servers, and a massive 66.1 per cent of IPsec VPNs.

Those who run servers are advised to disable support for export-strength cipher suites to prevent the attack from downgrading the connection, while also generating a unique 2,048-bit Diffie-Hellman group rather than using the defaults or lower-length primes. End-users can check their browsers for the vulnerability at the official website, and should wait for updates to close the hole from Google, Mozilla, Microsoft, and Apple.
Discuss this in the forums
Mod of the Month April 2019 in Association with Corsair

May 8 2019 | 13:30