Logjam (computer security): Difference between revisions
Added new Logjam server checker |
Added proper server checker |
||
Line 13: | Line 13: | ||
==External links== |
==External links== |
||
* [https://weakdh.org/ The Logjam Attack] |
* [https://weakdh.org/ The Logjam Attack] |
||
* [https:// |
* [https://weakdh.org/servercheck.html Logjam server checker] |
||
{{SSL/TLS}} |
{{SSL/TLS}} |
Revision as of 15:14, 26 May 2015
Logjam is a security vulnerability in Diffie–Hellman key exchange that uses US export-grade 512-bit keys. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.[1][2][3][4] The vulnerability allows a man-in-the-middle network attacker to downgrade a TLS connection to export-grade cryptography and then read the exchanged data and inject data into the connection. It affects the HTTPS, SMTPS, and IMAPS protocols, among others.[5]
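The following is an added example, not part of the article and not the code of the linked server checker: a defender-side check that reads the Diffie–Hellman prime from the body of a TLS ServerKeyExchange message and flags the 512-bit export-grade size described above. The function names, the sample byte strings and the `minimum_bits` policy default of 2048 are assumptions made for illustration.

```python
import struct

EXPORT_GRADE_BITS = 512  # export-grade key size named in the article


def parse_server_dh_params(body: bytes):
    """Return (dh_p, dh_g, dh_Ys) from a ServerKeyExchange body.

    Each field is a 2-byte big-endian length followed by that many bytes;
    anything after dh_Ys (the signature) is ignored.
    """
    values, offset = [], 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad length for {name}")
        values.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(values)


def classify_dh_prime(body: bytes, minimum_bits: int = 2048):
    """Return (prime_bits, verdict). minimum_bits is an assumed local policy."""
    p, _g, _ys = parse_server_dh_params(body)
    bits = p.bit_length()
    if bits <= EXPORT_GRADE_BITS:
        return bits, "export-grade"
    if bits < minimum_bits:
        return bits, "below-policy"
    return bits, "ok"


def build_params(p: int, g: int, ys: int) -> bytes:
    """Encode constructed sample values the way the parser expects."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed samples: right bit length, not real primes or captured traffic.
SAMPLE_512 = build_params((1 << 511) | 1, 2, 5)
SAMPLE_2048 = build_params((1 << 2047) | 1, 2, 5)

if __name__ == "__main__":
    for sample in (SAMPLE_512, SAMPLE_2048):
        print(classify_dh_prime(sample))
```
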
See also
References
- ^ "The Logjam Attack". weakdh.org. 2015-05-20.
- ^ Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica.
- ^ Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet.
- ^ http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565
- ^ Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (May 2015). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF).
External links