Logjam, a new frontier of attack to the TLS

Guys, so we have been through heart bleed, freaks, and poodles. Now we have logjam. What is logjam? Logjam attacks the Diffie-Hellman key-exchange which is resultant due to a flaw in the TLS protocol. What is Diffie-Hellman key-exchange in TLS?

From security exchange;

Okay, so what does logjam do? Logjam allows a MITM(Man-in-the-middle) attackers to downgrade the TLS session encryption to a 512-bit level cryptography. This is considered breakable in current standards. Hence, the users are vulnerable to their data being watched on by this hackers. It affects those browsers which use DHE_EXPORT ciphers.

From my perspective it is one hell of a nasty. Because of the nature of how Diffie-Hellman works and how the same prime numbers are used across services using DH, an attacker can use the “number field sieve” algorithm to break the DH connection. Once its broken, and the prime is found, its open.

The number field sieve: http://mathworld.wolfram.com/NumberFieldSieve.html

So the question is, are you at risk; well; if you are an update freak like myself, then you are good to go; make sure your browsers are up-to-date. Anyone using Google Chrome above version 42 is fine.

As per admins who do manual implementations on servers etc.
1. Do not use export cipher suites.
2. Deploy Elliptic-Curve DH based algorithm ciphers. It sounds super cool, but honestly its probably the strongest  in the lot. Most modern browsers use it anyways. One way to check; just click on the lock sign on the browser tab and you can check.
3. Generate a strong and unique DH group; create your own groups which boast at least a 2048 bit strong group.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s