Logjam (computer security)
Appearance
Logjam is a security vulnerability against US export-grade 512-bit keys in Diffie–Hellman key exchange. It was discovered by a group of computer scientists and publicly reported on May 20, 2015.[1][2][3][4] The vulnerability allows a man-in-the-middle network attacker to downgrade a TLS connection to use export-grade cryptography, allowing him to read the exchanged data and inject data into the connection. It affects the HTTPS, SMTPS, and IMAPS protocols, among others.[5]
See also
References
- ^ "The Logjam Attack". weakdh.org. 2015-05-20.
- ^ Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica.
- ^ Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet.
- ^ http://www.wsj.com/articles/new-computer-bug-exposes-broad-security-flaws-1432076565
- ^ Adrian, David; Bhargavan, Karthikeyan; Durumeric, Zakir; Gaudry, Pierrick; Green, Matthew; Halderman, J. Alex; Heninger, Nadia; Springall, Drew; Thomé, Emmanuel; Valenta, Luke; VanderSloot, Benjamin; Wustrow, Eric; Zanella-Béguelin, Santiago; Zimmermann, Paul (May 2015). "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice" (PDF).
External links