Logjam security flaw leaves top HTTPS websites, mail servers vulnerable

The new attack can be used to spy upon encrypted connections used by tens of thousands of HTTPS websites and mail servers.

Tens of thousands of HTTPS websites, mail servers and other services are vulnerable to eavesdropping due to a flaw in cryptographic algorithms.

On Tuesday, a team of computer scientists released a report (.PDF) documenting cryptographic problems with the Diffie-Hellman key exchange, a popular algorithm used by Internet protocols to agree on a shared encryption key and create a secure connection.

Diffie-Hellman is used in a number of protocols which rely on Transport Layer Security (TLS), as well as HTTPS, SSH, IPsec and SMTPS.

The team says "several weaknesses" have been discovered in how the Diffie-Hellman key exchange is deployed, resulting in the Logjam attack. Logjam allows a man-in-the-middle (MITM) cyberattacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography, which in turn provides an avenue for them to eavesdrop or modify data which passes through the connection.

Another security concern caused by Logjam is the possibility of wide-scale state-sponsored threats.

"Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange," the team say.

"Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve -- the most efficient algorithm for breaking a Diffie-Hellman connection -- is dependent only on this prime. After this first step, an attacker can quickly break individual connections."

The researchers say Logjam can be used to downgrade connections to 80 percent of TLS DHE EXPORT servers and estimates that a skilled team can break a 768-bit prime -- while a state-sponsored campaign, due to an increase in resources, could break the common 1024-bit prime.

This is a disturbing thought, as the computer scientists believe a successful state-sponsored attack could then allow for eavesdropping on 18 percent of the top one million HTTPS domains on the Web.

According to the report, the vulnerability estimates of HTTPS websites and mail servers are below:


The scientists, who hail from Microsoft, John Hopkins University, University of Michigan, University of Pennsylvania and the Inria Nancy-Grand Est research center say the attack is similar to FREAK, but differs as the vulnerability is caused by a flaw in the TLS protocol rather than an implementation issue. In addition, the team say the attack focuses on a Diffie-Hellman key exchange rather than an RSA key exchange, and can impact on any server which supports DHE_EXPORT ciphers.

Proof-of-concept videos have also been published documenting the flaw.

The researchers say you should make sure you have the most up-to-date version of your browser possible, as Google, Mozilla, Microsoft and Apple are all set to deploy fixes for the Logjam attack. In addition, web admins should disable support for export cipher suites and generate a unique 2048-bit the Diffie-Hellman key group. A guide to doing so is hosted here.