Logjam Attack: An issue which needs our immediate attention.
What is Logjam Attack?
Programmers and researchers have come across a new vulnerability which can cause website and browser encryption. This discovery is named as Logjam. This new invention has its own pros and cons. The good news is that companies like Google are successful to provide a patch to this vulnerability, whose updates are available on Firefox, chrome and many other browsers. And the sad news is that the fix is not running on many websites, which also includes the main website of University of Michigan. The correction of Logjam is said to affect more than thousand websites.
The Vulnerability of Logjam is very similar to FREAK. According to researchers, Diffie- Hellman is an encryption protocol that is a big weakness of the new bug. Many researchers are of view that NSA is an ardent user of Logjam. The significant danger is from the new age attackers who have plentiful resources like state level hackers and intelligence agencies. Snowden has revealed that how NSA cracked the prime numbers that are crucial to Diffie-Hellman and this is enough for NSA to access the traffic coming in and out from SSH, VPN, and HTTPS as there security is related to these cracked prime numbers. In last few years we have seen BEAST, POODLE, CRIME, and OpenSSL Heartbleed emerging as digital threats.
The process of encryption by Diffie-Hellman is very simple as it degrades the protection of connections with 512 bit as they are relatively easier to attack and can be easily cracked with the use of algorithms. Here are some of the weaknesses of Diffie-Hellman.
- Logjam attack threat to TLS Protocol.
- Risk from adversaries at state level.
Who is prone to Logjam attack?
DHE_EXPORT ciphers supported TLS based Services, mail servers and other websites are severely prone to Logjam Attack. Internet-wide scanning is used to measure which digital platform is vulnerable to the Logjam attack. Protocols like HTTPS-upper 1 million domains, SMTP+StartTLS- IPv4 Address Space, IMAPS-IPv4 Address Space, HTTPS- Browser trusted sites, POP3S-IPv4 Address Space, IKEv1(IPSec VPNs)-IPv4 Address Space, and SSH-IPv4 Address Space are highly vulnerable to Logjam Attack.
What should be done to get rid of this problem?
In case you have got mail server or a web, you should first put off support for suites with export cipher and then generate a never created before Diffie-Hellman group of 2048-Bit. If SSH is used by you then you should update both client installations and the server to the latest Open SSH version available. Elliptic-Curve Diffie-Hellman is used by the latest version of Open SSH as a key exchange. And in case if you are a browser user you should be ready with the latest browser version in stalled in your system and keep yourself updated with new updates available. Fixes are deployed by Mozilla Firefox, Apple safari, and Microsoft Internet Explorer to counter latest wave of Logjam Attack. There is also solution available for developers and Sysadmins, they are recommended to assure themselves that they are using updated TSL libraries. And they should ignore Diffie-Hellman group inferior to 1024 bit.