
A newly disclosed weakness in web encryption, dubbed "Logjam," could pose a threat to online privacy. It affects TLS (Transport Layer Security), the protocol used to authenticate servers and conceal the contents of secure web activity (like your bank login).

The flaw lets a man-in-the-middle attacker force your browser, and the server it is connected to, into an export-grade 512-bit Diffie-Hellman key exchange, which an attacker with modest computing resources can break. It is a close relative of the FREAK vulnerability, discovered and patched earlier this year, which likewise abused export-grade (512-bit RSA) cipher suites. Both come on the heels of more catastrophic security issues like Heartbleed and Shellshock.


Patches are in the works for most major browsers, but the fix may leave thousands of web servers unreachable from patched browsers until those servers are reconfigured with stronger parameters.

A Military Legacy

Unlike most security vulnerabilities, which are caused simply by programmer oversight (the AFNetworking bug that left thousands of iOS apps failing to validate SSL certificates is a recent example), this one is at least partially intentional. Back in the early 1990s, when the PC revolution got underway, the United States federal government was concerned that the export of strong encryption technology to foreign powers could compromise its ability to spy on other nations. At the time, strong encryption was legally classified as a munition, which allowed the federal government to put limitations on its distribution.

As a result, when SSL (the Secure Sockets Layer, predecessor to TLS) was developed, it came in two flavors: a domestic version that supported full-length keys of 1024 bits or more, and an "export" version whose key exchange topped out at 512 bits, which is far weaker. Clients and servers negotiate which cipher suite to use, and the export suites were kept in the protocol so that a domestic server could still talk to an international client. The export rules were relaxed around the turn of the century after a backlash from civil-liberties groups and the technology industry, but for backwards-compatibility reasons modern TLS and SSL implementations still carry support for these 512-bit export cipher suites.



Unfortunately, the TLS handshake has a flaw in how the key exchange is negotiated. In a Diffie-Hellman handshake the server signs the DH parameters it sends, but that signature does not cover which cipher suite was negotiated. Logjam exploits this: a man-in-the-middle rewrites the client's list of offered cipher suites so that only the export-grade DHE suite remains, the server dutifully answers with signed 512-bit parameters, and the client, which cannot tell an export group from a normal one, accepts them as if they belonged to the strong suite it asked for. The connection's key exchange is thereby degraded to 512 bits, and an attacker who can solve the discrete logarithm in that group can read and alter the session. This weakness has been in the protocol for about twenty years and was only recently uncovered.
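The downgrade described above, modelled as an added example (this is not code from the article or from the Logjam researchers). It assumes a toy server whose "signature" is an HMAC under an assumed key rather than an RSA certificate key, and placeholder integers in place of real 512-bit and 2048-bit primes. What it shows is that the server's signature covers the DH parameters but not the cipher suite, so a client that verifies the signature and does not check the group size accepts export-grade parameters while believing it negotiated a strong suite, and that a minimum-group-size check stops the downgrade.

```python
import hashlib
import hmac
import os

# Toy model of the TLS 1.2 DHE handshake (added example, not article code).
# Assumptions: the server "signs" with an HMAC under SERVER_KEY instead of its
# RSA certificate key, and the primes are placeholder integers whose only
# relevant property here is their bit length.
SERVER_KEY = b"assumed-toy-server-signing-key"
G = 2
EXPORT_P = (1 << 511) | 1    # 512-bit placeholder for an export-grade group
STRONG_P = (1 << 2047) | 1   # 2048-bit placeholder for a modern group

STRONG_SUITE = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
EXPORT_SUITE = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
SUITE_GROUP = {STRONG_SUITE: STRONG_P, EXPORT_SUITE: EXPORT_P}


def _covered_bytes(client_random, server_random, p, g, ys):
    # What the real ServerKeyExchange signature covers: both randoms and the
    # DH parameters. The negotiated cipher suite is NOT part of it.
    n = (p.bit_length() + 7) // 8
    return (client_random + server_random + p.to_bytes(n, "big")
            + bytes([g]) + ys.to_bytes(n, "big"))


def _sign(client_random, server_random, p, g, ys):
    return hmac.new(SERVER_KEY, _covered_bytes(client_random, server_random, p, g, ys),
                    hashlib.sha256).digest()


def server_respond(client_hello):
    """Server picks the first offered suite it supports and signs its DH params."""
    suite = next(s for s in client_hello["suites"] if s in SUITE_GROUP)
    p = SUITE_GROUP[suite]
    server_random = os.urandom(32)
    ys = pow(G, 0x1234567, p)   # toy fixed exponent; real servers use a fresh one
    sig = _sign(client_hello["random"], server_random, p, G, ys)
    return {"suite": suite, "random": server_random, "p": p, "g": G, "ys": ys, "sig": sig}


def client_handshake(offered_suites, min_dh_bits, mitm=None):
    """Return what the client ends up believing about the connection.

    min_dh_bits=0 models a pre-Logjam browser; 1024 models the patched behaviour.
    """
    client_random = os.urandom(32)
    hello = {"random": client_random, "suites": list(offered_suites)}
    if mitm:
        hello = mitm.rewrite_client_hello(hello)
    reply = server_respond(hello)
    if mitm:
        reply = mitm.rewrite_server_reply(reply)

    expected = _sign(client_random, reply["random"], reply["p"], reply["g"], reply["ys"])
    if not hmac.compare_digest(expected, reply["sig"]):
        return {"accepted": False, "reason": "bad signature"}
    if reply["suite"] not in offered_suites:
        return {"accepted": False, "reason": "suite not offered"}
    if reply["p"].bit_length() < min_dh_bits:
        return {"accepted": False, "reason": f"DH group below {min_dh_bits} bits"}
    # In real TLS the Finished messages would later expose the mismatch, but
    # only if the attacker has not already solved the 512-bit discrete log and
    # forged them; that race is the whole point of the precomputation.
    return {"accepted": True, "suite": reply["suite"], "dh_bits": reply["p"].bit_length()}


class LogjamMitm:
    """Rewrites the suite list on the way in and the chosen suite on the way out."""

    def __init__(self):
        self.wanted = None

    def rewrite_client_hello(self, hello):
        self.wanted = hello["suites"][0]
        hello["suites"] = [EXPORT_SUITE]       # server now sees only the export suite
        return hello

    def rewrite_server_reply(self, reply):
        reply["suite"] = self.wanted          # signature still verifies: suite isn't covered
        return reply


if __name__ == "__main__":
    print("no attacker:", client_handshake([STRONG_SUITE], 1024))
    print("old browser, attacker:", client_handshake([STRONG_SUITE], 0, LogjamMitm()))
    print("patched browser, attacker:", client_handshake([STRONG_SUITE], 1024, LogjamMitm()))
```

The middle case is the Logjam condition: the signature check passes, the suite name matches what the client offered, and only the group size gives the game away, which is exactly why the browser fix is a minimum group size rather than a change to the signature check.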

Who’s Affected?

The bug currently affects about 8% of the top one million HTTPS-enabled websites, and a large number of mail servers, which tend to run outdated code. All major web browsers are affected except Internet Explorer. Affected websites still show the green HTTPS padlock at the top of the page, but are not secure against some attackers.

Browser makers have agreed that the most robust fix is to reject Diffie-Hellman groups smaller than 1024 bits, which removes legacy support for the export-grade 512-bit key exchange. Unfortunately, this will render some portion of the Internet, including many mail servers, unreachable until their software is updated or reconfigured with stronger parameters. To check whether your browser has been patched, you can visit a site set up by the security researchers who discovered the attack, at weakdh.org.

Attack Practicality

So how vulnerable is a 512-bit key these days, anyway? To answer that, we first have to look at exactly what is being attacked. Diffie-Hellman key exchange is an algorithm that lets two parties agree on a shared symmetric encryption key without revealing it to a hypothetical snooper. Its security rests on a large prime number (the "group") chosen by the server, and in practice most servers use one of a few well-known primes that ship with their software. That matters because the hard part of breaking Diffie-Hellman, computing discrete logarithms, can be largely precomputed for a given prime: the researchers spent about a week of computation on each of the two most common 512-bit primes, after which recovering an individual session's key took on the order of a minute. Those few shared primes account for nearly all of the roughly 8% of vulnerable sites mentioned above.
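The precomputation point above, as an added example (not the article's or the researchers' code). The group is a deliberately tiny 20-bit prime standing in for a real 512-bit one, and the "precomputation" is a baby-step giant-step table rather than the number field sieve the researchers used; what carries over is that the expensive work depends only on the fixed prime, so one table breaks every session that reuses it.

```python
import math

# Toy Diffie-Hellman over a deliberately tiny prime (added example, not the
# article's or the Logjam researchers' code). Assumption: P is a 20-bit prime
# standing in for a 512-bit group; the attack structure scales, the numbers do not.
P = 1000003
G = 2


def dh_public(private):
    return pow(G, private, P)


def dh_shared(peer_public, private):
    return pow(peer_public, private, P)


class PrecomputedLogTable:
    """Baby-step giant-step precomputation for the fixed group (G, P).

    Building the table is the one-off, expensive part, and it depends only on
    the group, never on a session. Every session that reuses this prime is
    then broken with a cheap lookup, which is why a handful of widely shared
    512-bit primes put so much traffic at risk.
    """

    def __init__(self):
        self.m = math.isqrt(P - 1) + 1            # ceil(sqrt(group order))
        self.baby = {}                            # g^j -> j for 0 <= j < m
        x = 1
        for j in range(self.m):
            self.baby.setdefault(x, j)
            x = x * G % P
        self.giant = pow(G, -self.m, P)           # g^(-m), modular inverse (Python 3.8+)

    def discrete_log(self, h):
        """Smallest x with G^x == h (mod P); ValueError if h is not a power of G."""
        gamma = h % P
        for i in range(self.m):                   # h * g^(-i*m) == g^j  =>  x = i*m + j
            j = self.baby.get(gamma)
            if j is not None:
                return i * self.m + j
            gamma = gamma * self.giant % P
        raise ValueError("h is not in the subgroup generated by G")


def eavesdrop(table, alice_public, bob_public):
    """Recover the session secret from the two public values alone."""
    a = table.discrete_log(alice_public)          # fast once the table exists
    return dh_shared(bob_public, a)


if __name__ == "__main__":
    table = PrecomputedLogTable()                 # the "week of precomputation"
    for a, b in [(123456, 654321), (4242, 999)]:  # two independent sessions, same prime
        A, B = dh_public(a), dh_public(b)
        assert eavesdrop(table, A, B) == dh_shared(B, a) == dh_shared(A, b)
    print("both sessions recovered from one precomputed table")
```

The same split between per-group and per-session work is what makes 1024-bit groups a nation-state concern: the per-group cost is enormous, but it is paid once, and the servers that share a default prime pay for it together.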

This puts the attack within reach of a "coffee shop attacker," a petty thief who sits between you and a public Wi-Fi hotspot, downgrades your sessions, and recovers the session keys quickly enough to read financial information. The attack would be trivial for corporations and organizations like the NSA, who might go to considerable lengths to set up a man-in-the-middle position for espionage. Either way, this represents a credible security risk, both for ordinary people and for anyone who might be targeted by more powerful forces. Certainly, someone like Edward Snowden should be very careful about using unsecured Wi-Fi for the foreseeable future.


More worryingly, the researchers also suggest that group sizes widely considered secure, like 1024-bit Diffie-Hellman, are plausibly within reach of the same precomputation attack for a well-funded government organization. They recommend migrating to substantially larger groups, 2048 bits or more, to close that gap.

Is Our Data Secure?


The LogJam bug is an unwelcome reminder of the dangers of regulating cryptography for purposes of national security. An effort to weaken the United States’ enemies has wound up hurting everyone, and making all of us less safe. It comes at a time when the FBI is making efforts to force tech companies to include backdoors in their encryption software. There’s a very good chance that if they win, the consequences for the coming decades will be just as serious.

What do you think? Should there be restrictions on strong cryptography? Is your browser secure against LogJam? Let us know in the comments!

Image credits: US Navy Cyberwarfare, Hacker Keyboard, HTTPNSA Sign by Wikimedia

  1. stevegossett64
    May 26, 2015 at 4:15 pm

    Additional - Safari appears to be patched.

  2. stevegossett64
    May 26, 2015 at 3:47 pm

    Even after updating both Firefox and Chrome, both still show up as vulnerable. My IE 11 is updated and still https://weakdh.org/test.html shows as vulnerable regardless of Microsoft stating a patch had already been released for it. According to Tom's Guide at http://www.tomsguide.com/us/logjam-web-browser-vulnerability,news-20952.html, Google stated a Chrome fix would be within weeks and Firefox stated within a few days. Not sure what to make of IE still showing as vulnerable regardless of all updates being applied. Website issue on the weakdh site?

  3. Joe Blough
    May 23, 2015 at 3:33 pm

    Even FF2 has the above two settings in about:config.

    What's the difference between
    security.ssl3.dhe_rsa_aes_256_sha and
    security.ssl3.ecdhe_rsa_aes_256_sha ?

    There are MANY security.ssl3.* config settings. How to know which ones should be set to false? And there are none that include _512_ - is that correct? I have two that are 1024:

    security.ssl3.rsa_1024_des_cbc_sha
    security.ssl3.rsa_1024_rc4_56_sha

    Both set to FALSE. Should they be True?

    • Bruce Epper
      May 25, 2015 at 3:32 pm

      The only ones that matter start with security.ssl3.dhe_ which are the ones dealing with Diffie-Hellman key exchange.

  4. Wolfram Mikuteit
    May 23, 2015 at 2:43 pm

    @ PinkUnicorn

    for FF 38.0.1: change the following two settings in "about:config" from "true" to "false"

    security.ssl3.dhe_rsa_aes_128_sha
    security.ssl3.dhe_rsa_aes_256_sha

  5. PinkUnicorn
    May 23, 2015 at 1:46 pm

    Google Chrome 43.0.2357.65 m, Opera 29.0.1795.60 and Mozilla Firefox 38.0.1 are still vulnerable.

  6. Joe Blough
    May 23, 2015 at 1:14 pm

    Ah - I see that the browser test is automatically performed in an iFrame. The direct URL for the browser test is: https://weakdh.org/test.html

    Firefox 2.0.0.20 and Netscape Navigator 9.0 (both running on win-98) apparently fail the test (Your web browser is vulnerable to Logjam). But Opera 12.02 (also running on win-98) is not vulnerable.

  7. Joe Blough
    May 23, 2015 at 1:00 pm

    I see no ability to perform a browser test at weakdh.org.

  8. Dave
    May 23, 2015 at 3:35 am

    It's a very easy fix for firefox:
    Disable the insecure ciphers here:

    (1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.

    (2) In the search box above the list, type or paste ssl3 and pause while the list is filtered

    (3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)

    (4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)

    That's it, you can test using: https://www.ssllabs.com/ssltest/viewMyClient.html

  9. Robert Halloran
    May 23, 2015 at 2:08 am

    Given the current push by the US intelligence agencies to backdoor encryption to make their work simpler, this could not have come at a better time to make the problems with their idea more obvious,

  10. MrHorror
    May 22, 2015 at 10:34 pm

    "To check if your browser has been patched, you can visit a site set up by the security researchers who discovered the attack, at weakdh.org."

    Out of four up-to-date browsers you will never guess which one is patched according to weakdh.org...

    IE! Well done MS and MUO!

  11. dragonmouth
    May 22, 2015 at 10:25 pm

    To err is human, to really F things up takes a government.
