Logjam: the latest TLS vulnerability explained
On May 20th, a group of researchers from INRIA, Microsoft Research, Johns Hopkins University, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. The research includes a novel downgrade attack against the TLS protocol called Logjam, which exploits EXPORT cryptography (similar to FREAK). CloudFlare customers are not affected by this vulnerability since they do not support non-EC Diffie-Hellman ciphersuites on either the client or origin side. The researchers found that 8.4% of Alexa Top Million HTTPS websites were initially vulnerable, with 82% and 10% of them using the same two parameter sets, making precomputation more viable. Both the client and the server need to be vulnerable for the attack to succeed.
Company
Cloudflare
Date published
May 21, 2015
Author(s)
Filippo Valsorda
Word count
1712
Language
English
Hacker News points
None found.