Logjam: Breaking Diffie-Hellman

I’m a little bit late to the game, but the latest news in the crypto world (aside from Duqu 2.0) is the Logjam attack, which breaks the asymmetric Diffie-Hellman key exchange protocol by forcing a server to use a weaker level of encryption, if you haven’t read about it, I recommend you go straight to the source. They even have a video of them implementing the attack.

This unique for two reasons, and not so unique (maybe even inevitable) for one:

  1. It attacks a weakness in the TLS protocol itself. Most attacks focus on vulnerabilities in common implementations of protocols, but there’s not a single TLS implementation that wouldn’t suffer from Logjam.
  2. Using the number field sieve algorithm for precomputation, researchers were able to demonstrate an academic attack on a 768-bit prime factor, and the descent (the process by which the attack capitalizes on precomputation and actually implements decryption) for a 512 bit key was fast enough to implement in near real-time

All of this is due to a little thing called export-grade cipher suites (this is the one not-so-unique thing). According to Digicert (in the context of the FREAK attack):

“During the 90s, U.S. government set up rules for the export of encryption systems. These rules limited the strength of the [encryption keys] to a maximum of 512 bits in any Secure Socket Layer (SSL) implementations targeted for export. Eventually the rules changed. The “export” cipher suites stopped being used and by the year 2000 browsers were able to use a higher-security SSL.”

That’s right, for “national security purposes”, the US government required, for a period, that software targeted for export purposefully use weak encryption. The thought was, 512 would be sufficient for most applications, but hard enough to break for anybody that wasn’t the US government. To put this in perspective, back in the 90s the most powerful supercomputers were just breaking the teraflop barrier (ASCI Red peaked as 1.3 tflops using just around a terabyte of memory). Today, Tianhe-2 is the current most powerful supercomputer, and it can process over 33 petaflops.

Put another way, back in 1999, we were just getting the Nokia 3210. Today, Nokia no longer makes phones and smartphones power Lego-based robots that solve Rubiks’ Cubes in under 5 seconds. Simply put, this was inevitable. As too many celebrities have become aware, nothing ever goes away on the internet. Not naked pictures, not racist or offensive tweets, and certainly not export-grade cryptographic cipher suites.

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.