Jump to content

Logjam (computer security)

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 77.58.149.249 (talk) at 14:11, 25 May 2015 (Added new Logjam server checker). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Logjam is a security vulnerability against US export-grade 512-bit keys in Diffie–Hellman key exchange. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.[1][2][3][4] The vulnerability allows a man-in-the-middle network attacker to downgrade a TLS connection to use export-grade cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the HTTPS, SMTPS, and IMAPS protocols, among others.[5]

See also

References

  1. ^ "The Logjam Attack". weakdh.org. 2015-05-20.
  2. ^ Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica.
  3. ^ Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet.
  4. ^ http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565
  5. ^ Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (May 2015). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF).