Attackers can access and modify encrypted traffic

May 20, 2015 09:54 GMT  ·  By
Internet Explorer not susceptible to Logjam attacks, Chrome and Firefox will receive an update

A new attack, dubbed Logjam by the cryptography researchers who found it, can compromise a secure connection between a client and a server by downgrading the TLS handshake to weak 512-bit, export-grade cryptography.

The weakness lies in the TLS (Transport Layer Security) protocol's support for weak variants of the Diffie-Hellman key exchange, which a large number of web and mail servers, as well as other secure services, rely on.

Diffie-Hellman allows two parties unknown to each other to agree on a shared encryption key securely over a public channel. This permits exchanging secure messages (IM, email) encrypted with ephemeral keys, each of which can unlock only a part of the conversation.

Weak cryptography policy from the ‘90s bites back, again

The technique behind the Logjam attack was first disclosed in the case of the FREAK bug, which allowed someone in a position to intercept secure traffic to force the use of weak RSA keys for SSL/TLS encryption.

This was possible because of a now-abandoned policy from 1990 that required SSL implementations to include “export-grade” cryptography in the form of weak cipher suites (marked with the prefix “EXP”) that relied on easy-to-break encryption keys.

The same applied to Diffie-Hellman: a weak, export-grade version (the DHE_EXPORT cipher suites) became available that did not allow keys stronger than 512 bits, a size that can be broken in a matter of hours these days.

According to recent statistics, 8.4% of the top one million domains are vulnerable to Logjam attacks, along with 14.8% of email servers offering SMTP (Simple Mail Transfer Protocol) with StartTLS, 8.9% of secure POP3 servers and 8.4% of secure IMAP servers, because they still include support for the “export-grade” Diffie-Hellman variants.

Web browsers are also affected, although, surprisingly, not all of them. Checking Chrome and Firefox against the Logjam attack page shows that both can be tricked into using weak encryption, while Internet Explorer is immune.

Weak Diffie-Hellman implementation found on many servers

Apart from support for export-grade versions, the researchers found that servers also rely on “standardized, hardcoded, or widely shared parameters,” which makes large-scale attacks cheap, they say in a report detailing the Diffie-Hellman problems.

According to the research, “just two 512-bit primes account for 92% of Alexa Top 1M domains that support DHE_EXPORT, and 93% of all servers with browser-trusted certificates that support DHE_EXPORT,” with the most popular prime being found on 564,000 Apache web servers.

Beyond this, the researchers discovered weak primes (512-bit or lower) in non-export versions of the mechanism on 2,631 servers with browser-trusted certificates; 118 of them were in the top one million domains.
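As an added example (not code from the article or from the Logjam researchers), the following Python parses the Diffie-Hellman parameters a TLS 1.2 server sends in its ServerKeyExchange message and classifies the group size the way a server operator auditing for Logjam would; the 1024/2048-bit thresholds are assumptions, and the sample modulus is constructed, not a real prime.

```python
import struct

# Sizes used for the verdict. 512-bit export groups fall in hours (per the
# article); treating 1024-bit as marginal and 2048-bit as the recommended
# floor is an assumption, not something the article states.
EXPORT_BITS, WEAK_BITS, RECOMMENDED_BITS = 512, 1024, 2048

# DHE_EXPORT cipher suite codes from RFC 2246 (DES40 with DSS and RSA signing).
DHE_EXPORT_SUITES = {0x0011, 0x0014}


def _read_vector(buf, offset):
    """Read one 'opaque <1..2^16-1>' field: 2-byte big-endian length, then body."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, offset)
    offset += 2
    if length == 0 or offset + length > len(buf):
        raise ValueError("truncated vector body")
    return buf[offset:offset + length], offset + length


def parse_server_dh_params(body):
    """Parse ServerDHParams { opaque dh_p; opaque dh_g; opaque dh_Ys; } (RFC 5246 7.4.3)."""
    p_bytes, off = _read_vector(body, 0)
    g_bytes, off = _read_vector(body, off)
    ys_bytes, off = _read_vector(body, off)
    return {"p": int.from_bytes(p_bytes, "big"), "g": int.from_bytes(g_bytes, "big"),
            "Ys": int.from_bytes(ys_bytes, "big")}


def build_server_dh_params(p, g, ys):
    """Inverse of parse_server_dh_params; used here only to construct sample messages."""
    out = b""
    for n in (p, g, ys):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


def assess_dh_group(p, cipher_suite=None):
    """Classify the offered group: export-grade, weak, marginal, or ok."""
    bits = p.bit_length()
    if cipher_suite in DHE_EXPORT_SUITES or bits <= EXPORT_BITS:
        verdict = "export-grade"
    elif bits < WEAK_BITS:
        verdict = "weak"
    elif bits < RECOMMENDED_BITS:
        verdict = "marginal"
    else:
        verdict = "ok"
    return {"bits": bits, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample: a 512-bit odd modulus (not a real prime), generator 2.
    sample_p = (1 << 511) | 0x1234567
    msg = build_server_dh_params(sample_p, 2, pow(2, 12345, sample_p))
    print(assess_dh_group(parse_server_dh_params(msg)["p"]))  # {'bits': 512, 'verdict': 'export-grade'}
```

A server that negotiates a DHE_EXPORT suite, or any group of 512 bits or less, is exposed to the downgrade the article describes; the fix on the server side is to disable the export suites and generate a fresh group of at least 2048 bits rather than reusing a widely shared one.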