{"id":77074,"date":"2015-05-26T22:00:53","date_gmt":"2015-05-27T02:00:53","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2022-08-25T12:41:59","modified_gmt":"2022-08-25T16:41:59","slug":"another-hole-in-internet-armor","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/another-hole-in-internet-armor\/","title":{"rendered":"Another Hole in Internet Armor"},"content":{"rendered":"

\"Another<\/a>Another hole<\/strong>\u00a0in our Internet armor has been discovered. The hole is in the\u00a0Diffie-Hellman key exchange<\/a><\/strong>,\u00a0a popular cryptographic<\/strong> algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols including HTTPS<\/a>, SSH<\/a>, IPsec<\/a><\/strong>, SMTPS<\/a>, and protocols that rely on TLS<\/a><\/strong>.<\/p>\n

\"Diffie-Hellman<\/a>Researchers<\/a> from the University of Michigan<\/a>, Inria<\/a>, Microsoft Research<\/a>, Johns Hopkins University<\/a>, and the University of Pennsylvania<\/a> have uncovered several weaknesses<\/strong><\/a> in how Diffie-Hellman<\/strong> key exchange has been deployed. In what they are calling the Logjam attack<\/strong> the DF flaw allows a man-in-the-middle attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography<\/strong>. This allows the attacker to read and change any data passed over the connection.<\/p>\n

The problem, according to the researchers, is that millions of HTTPS, SSH, and VPN servers all use the same prime numbers<\/strong> for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve\u2014the most efficient algorithm for breaking a Diffie-Hellman connection\u2014is dependent only on this prime. After this first step, an attacker can quickly break individual connections<\/strong>.<\/p>\n

\"prime<\/a>To prove this hypothesis, the researchers carried out this computation against the most common 512-bit prime number used for TLS and demonstrated that the Logjam attack can be used to downgrade connections to 80% of TLS servers supporting DHEEXPORT.<\/p>\n

They also estimated that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains.\u00a0A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers.<\/p>\n

\"VPNThere is speculation that this “flaw” was being exploited by nation-state bad actors<\/strong>. A close reading of published NSA leaks shows that the agency’s attacks on VPNs<\/a> are consistent with having created, exploited, harnessed the Logjam vulnerability.<\/p>\n

What should you do?<\/p>\n

1 – Go to the researcher’s website <\/strong>https:\/\/weakdh.org\/<\/a><\/strong>\u00a0to see if your browser is secure from the Logjam flaw. (It reported that Google Chrome\u00a0Version 43.0.2357.81 (64-bit) on OSX 10.10.3 was not secure<\/em>}<\/p>\n

2 –\u00a0Microsoft<\/a> (MSFT<\/a>) patched<\/strong> the Logjam flaw on May 12 with security bulletin MS15-055<\/a>. A Microsoft spokesperson told eWEEK;<\/a> <\/em><\/p>\n

Customers who apply the update, or have automatic updates enabled, will be protected.\u00a0We encourage all customers to apply the update to help stay protected.<\/em><\/p>\n

3 –\u00a0Google<\/a> (GOOG<\/a>) fixed<\/strong> the issue with the Chrome 42 update, which debuted<\/a> on April 15. Google engineer Adam Langley wrote<\/a>;<\/p>\n

We disabled TLS False-Start with\u00a0Diffie-Hellman (DHE) in Chrome 42, which has been the stable version for many weeks now.<\/em><\/p>\n

\"patch<\/a>4 – Mozilla’s patch for Firefox isn’t out yet<\/strong>, but “we expect it to be published in the next few days,” Richard Barnes, cryptographic engineering manager at Mozilla, told eWEEK<\/em>.<\/p>\n

5 –\u00a0DarkReading<\/a><\/em> reports that on the server-side, organizations such as Apache<\/a>, Oracle<\/a> (ORCL<\/a>),\u00a0IBM<\/a> (IBM<\/a>),\u00a0Cisco<\/a> (CSCO<\/a><\/strong>)<\/strong>, and various hosting providers have been informed of the issue. There has been no response<\/strong> from these tech titans.<\/p>\n

The researchers have also provided guidance:<\/p>\n

    \n
  1. If you have a web or mail server<\/strong>, they recommend \u00a0–\u00a0disable support for export cipher suites<\/strong> and generate a unique 2048-bit Diffie-Hellman group. They\u00a0have published a Guide to Deploying Diffie-Hellman for TLS<\/a> with step-by-step instructions.<\/li>\n
  2. If you use SSH<\/strong>, you should upgrade both your server and client installations<\/strong> to the most recent version of OpenSSH<\/a>, which prefers the Elliptic-Curve Diffie-Hellman Key Exchange.<\/li>\n
  3. If you\u2019re a sysadmin or developer, make sure any TLS libraries you use are up-to-date<\/strong>, that servers you support use 2048-bit or larger primes<\/strong>, and that clients you maintain reject Diffie-Hellman primes smaller than 1024-bit.<\/li>\n<\/ol>\n

    rb-<\/em><\/strong><\/p>\n

    Finally, get involved. Write someone, your representative, senator, your favorite bureaucrat, the president, your candidate, and tell them to get out of the way.\u00a0<\/em><\/p>\n

    Ars Technica notes<\/a> that Logjam is partly caused by export restrictions put in place by the US government in the 1990s, to allow government agencies the ability to break the encryption used in other countries. “Logjam shows us once again why it’s a terrible idea to deliberately weaken cryptography, as the FBI<\/a> and some in law enforcement are now calling for<\/a>,” said Michigan’s\u00a0J. Alex Halderman to the report. “Today that backdoor is wide open.”<\/em><\/p>\n

     <\/p>\n

    Related articles<\/h6>\n