/plushcap/analysis/cloudflare/logjam-the-latest-tls-vulnerability-explained

Logjam: the latest TLS vulnerability explained

What's this blog post about?

On May 20th, a group of researchers from INRIA, Microsoft Research, Johns Hopkins University, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. The research includes a novel downgrade attack against the TLS protocol called Logjam, which exploits EXPORT cryptography (similar to FREAK). CloudFlare customers are not affected by this vulnerability since they do not support non-EC Diffie-Hellman ciphersuites on either the client or origin side. The researchers found that 8.4% of Alexa Top Million HTTPS websites were initially vulnerable, with 82% and 10% of them using the same two parameter sets, making precomputation more viable. Both the client and the server need to be vulnerable for the attack to succeed.

Company
Cloudflare

Date published
May 21, 2015

Author(s)
Filippo Valsorda

Word count
1712

Language
English

Hacker News points
None found.


By Matt Makai. 2021-2024.