Logjam is a security flaw targeting the widely-used Diffie-Hellman key exchange encryption method. In this attack, an intruder can lower the encryption strength of susceptible TLS connections to a weaker form, which can subsequently be breached to access, alter, or misappropriate confidential information.
See also: man-in-the-middle attack
- Man-in-the-middle attacks: Logjam allows attackers to intercept and decrypt communication between a client and a server, acting as the man-in-the-middle.
- Exploiting weak cryptography: By downgrading TLS connections to 512-bit export-grade cryptography, attackers can crack the encryption and gain access to sensitive information.
- HTTPS connections. Websites that support the DHE_EXPORT ciphers are at risk of the Logjam attack. An attacker can force the use of a weakened, export-grade key, then compute the discrete log for that weak key and decrypt the session. This might expose sensitive data, such as login credentials or personal information.
- Mail servers. Secure email servers using STARTTLS for SMTP could be vulnerable if they support weak Diffie-Hellman parameters. An attacker could potentially intercept and decrypt emails in transit.
Protecting against Logjam
- Regularly updated software: Browsers and server software should be kept up-to-date. This is crucial because updates often contain patches for security vulnerabilities.
- Strong encryption: Servers should be configured to use strong Diffie-Hellman groups.
- VPNs with robust encryption standards: Such VPNs can secure the internet connection.