Questions tagged [logjam]

An attack on TLS and related protocols from May 2015. The attack uses precomputation to break Diffie-Hellman key exchange over short primes; primes of up to 1024 bits in length are considered broken. It also showed that group re-use can break the security of Diffie-Hellman.

10 questions
15 votes, 1 answer

Logjam on Elliptic Curves?

I think we're all aware of the Logjam attack. From now on we know that re-using primes for DH is a bad idea. But we also say that elliptic curves are safe from the attack (relying on the NFS), because it cannot be applied. I understand this. Now in…
SEJPM
13 votes, 3 answers

What does "export grade" cryptography mean? And how is this related to the Logjam attack?

I am doing some research on the Logjam attack, and I need help in learning some terms that are new for me. What does "export grade" cryptography mean? And how is this related to the Logjam attack?
9 votes, 1 answer

Is it possible to generate backdoored DH parameters?

I know it has been already asked and answered whether it's possible to generate weak DH parameters. But "recently" we experienced the Logjam attack, which makes use of the pre-computation capabilities of the GNFS to quickly break many discrete…
SEJPM
9 votes, 1 answer

Logjam: "composite order subgroups" explained for TLS developers and system admins?

I have read the recent logjam paper Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. On page 11 in the Recommendations section, they state: Avoid fixed-prime groups In the medium term, employing negotiated Diffie-Hellman groups…
Mike Ounsworth
3 votes, 1 answer

Logjam-style attack on Factoring?

We're all aware of the Logjam attack, which is known as "FREAK on discrete logarithms". The attack works by doing a large pre-computation step, which needs only to be done once per field and then quickly computes discrete logarithms. As this seems…
SEJPM
2 votes, 1 answer

In TLS, does the client know the server's public key before starting the data exchange?

I am reading about the logjam attack. I was asked if the attack could be prevented by checking the integrity of the Server Hello message. My answer would be no because the man-in-the-middle can still not send the original Server Hello message and…
Jack
2 votes, 1 answer

At what modulus size does the logjam reduction stage become impractical?

Attacking a Diffie-Hellman exchange with logjam involves a massive precomputation effort once for the group, and then a comparatively simple reduction stage that is necessary to break each individual handshake. At what DH size does the reduction…
forest
2 votes, 1 answer

What is the actual result of a Logjam's DH attack?

Does a Logjam attack calculate a group of probable Diffie-Hellman private keys for a user and then try them one at a time to see if it can decrypt the message - or does it directly calculate the one specific instance of a user's private key?
CBruce
1 vote, 1 answer

How do I ascertain the key length of some Diffie Hellman moduli to counteract the Log Jam vulnerability?

I have the following Diffie-Hellman ciphers on one of my servers TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 TLS_DHE_DSS_WITH_AES_256_CBC_SHA TLS_DHE_DSS_WITH_AES_128_CBC_SHA TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA I have been asked to disable…
Mick8695
0 votes, 1 answer

Avoid Logjam TLS Attack?

As the Logjam attack allows a Man-in-the-Middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography by modifying the ClientHello and ServerHello, can the Logjam attack be avoided by verifying the integrity of the…
Jenny