[Ninux-Wireless] Weak Diffie-Hellman (The Logjam Attack)

Germano Massullo germano.massullo a gmail.com
Wed 20 May 2015 11:05:49 CEST


From https://weakdh.org/

Diffie-Hellman key exchange
<https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange> is a
popular cryptographic algorithm that allows Internet protocols to agree
on a shared key and negotiate a secure connection. It is fundamental to
many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that
rely on TLS.

We have uncovered several weaknesses in how Diffie-Hellman key exchange
has been deployed:

 1. *Logjam Attack against the TLS Protocol.* The Logjam attack allows a
    man-in-the-middle attacker to downgrade vulnerable TLS connections
    to 512-bit export-grade cryptography. This allows the attacker to
    read and modify any data passed over the connection. The attack is
    reminiscent of the FREAK attack <http://freakattack.com>, but is due
    to a flaw in the TLS protocol rather than an implementation
    vulnerability, and attacks a Diffie-Hellman key exchange rather than
    an RSA key exchange. The attack affects any server that supports
    DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the
    Top 1 Million domains were initially vulnerable.
 2. *Threats from state-level adversaries.* Millions of HTTPS, SSH, and
    VPN servers all use the same prime numbers for Diffie-Hellman key
    exchange. Practitioners believed this was safe as long as new key
    exchange messages were generated for every connection. However, the
    first step in the number field sieve—the most efficient algorithm
    for breaking a Diffie-Hellman connection—is dependent only on this
    prime. After this first step, an attacker can quickly break
    individual connections.

    We carried out this computation against the most common 512-bit
    prime used for TLS and demonstrate that the Logjam attack can be
    used to downgrade connections to 80% of TLS DHE_EXPORT servers. We
    further estimate that an academic team can break a 768-bit prime and
    that a nation-state can break a 1024-bit prime. Breaking the single,
    most common 1024-bit prime used by web servers would allow passive
    eavesdropping on connections to 18% of the Top 1 Million HTTPS
    domains. A second prime would allow passive decryption of
    connections to 66% of VPN servers and 26% of SSH servers. A close
    reading of published NSA leaks shows that the agency's attacks on
    VPNs are consistent with having achieved such a break.
