posted by CoolHand on Thursday May 21 2015, @06:20AM
from the vulnerability-of-the-week dept.

A new TLS protocol security vulnerability, named "Logjam", has been found. It is exploited through a protocol downgrade that was left in place because of earlier U.S. government export restrictions. It affects servers supporting the Diffie-Hellman key exchange, and it's caused by export restrictions mandated by the U.S. government during the Clinton administration. "Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties."

Internet Explorer is the only browser yet updated to block such an attack — patches for Chrome, Firefox, and Safari are expected soon. The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).

Time for a complete overhaul?

[Update: Thanks to Canopic Jug for locating and providing a link to the Common Vulnerabilities and Exposures entry CVE-2015-4000; check there for official information and updates.]
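The defence the browser vendors shipped for this is to refuse DHE parameters below a minimum size. As an added example (not code from the article, the researchers, or any browser), here is a check a TLS client could apply to the server's DHE parameters to reject the 512-bit export groups that a Logjam downgrade forces; the ServerDHParams layout follows RFC 5246, and the sample moduli are constructed placeholders, not real groups.

```python
import struct

# Wire layout of ServerDHParams (RFC 5246, TLS 1.2 ServerKeyExchange for DHE
# suites): dh_p, dh_g, dh_Ys, each a 2-byte big-endian length + value bytes.
# The signature that follows the params in a real message is omitted here.
def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Encode the params the way a server puts them on the wire."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

def parse_server_dh_params(buf: bytes) -> dict:
    """Parse ServerDHParams into integers; raise ValueError on truncation."""
    fields, off = {}, 0
    for name in ("p", "g", "Ys"):
        if off + 2 > len(buf):
            raise ValueError(f"truncated before {name} length")
        (n,) = struct.unpack_from("!H", buf, off)
        off += 2
        if off + n > len(buf):
            raise ValueError(f"truncated inside {name}")
        fields[name] = int.from_bytes(buf[off:off + n], "big")
        off += n
    return fields

MIN_DH_BITS = 1024   # the post-Logjam browser floor; 2048 is what the paper recommends

def assess_dh_params(buf: bytes) -> dict:
    """Classify a server's DHE group as reject / warn / ok by modulus size."""
    f = parse_server_dh_params(buf)
    bits = f["p"].bit_length()
    if bits < MIN_DH_BITS:
        reason = "export-grade group (<1024 bits): Logjam downgrade target"
        return {"verdict": "reject", "p_bits": bits, "reason": reason}
    if not (1 < f["Ys"] < f["p"] - 1):
        return {"verdict": "reject", "p_bits": bits, "reason": "invalid server public value"}
    if bits < 2048:
        reason = "1024-bit group: precomputation feasible for a nation-state"
        return {"verdict": "warn", "p_bits": bits, "reason": reason}
    return {"verdict": "ok", "p_bits": bits, "reason": "modulus >= 2048 bits"}

# Constructed sample: what a 512-bit "export" ServerKeyExchange looks like.
# The modulus is a placeholder, not an actual DHE group.
SAMPLE_EXPORT_SKE = encode_server_dh_params((1 << 511) | 1, 2, 0x1234)

if __name__ == "__main__":
    print(assess_dh_params(SAMPLE_EXPORT_SKE))
```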

  • (Score: 3, Informative) by Beige (3989) on Thursday May 21 2015, @07:26AM (#185927)

    This is a landmark crypto paper and I hope everyone even half-interested in security will bother reading and understanding the PDF. If you are pressed for time it's at least worth checking the recommendations at the end of the paper.

  • (Score: 2) by FatPhil (863) <{pc-soylent} {at} {asdf.fi}> on Thursday May 21 2015, @02:53PM (#186031)

    From the website: "We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. "

    I was going to write a post blasting that claim, as the world record (academia) is 596 bits. However, I decided to do some calculations, and came up with a complexity estimate very close to the one in the paper for DH-768 (about 100000 GHz-years). Whether that's realistic in academia is debatable (it means tying up the biggest university supercomputer for an entire year - which university will let you do that?). However, that's within a nation-state's capabilities. Who knows, maybe LLNL has been doing nothing but Diffie-Hellman solving for the last few years? Remember, DH is harder than factoring, and only one 768-bit hard factorisation has ever been performed in the history of all mankind.

    However, DH-1024 is a thousand times harder. If one USA can do a DH-768, then it would still take 1000 USAs to do a DH-1024. Not gonna happen on a general purpose architecture machine (which includes GPUs).

    So it's a bit of a blasting, not a complete one. And of course I've not forgotten that algorithms only ever get better (in particular for DH, I'm expecting some new record results any time now given some recent papers in the field).
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves