what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice

Imperfect Forward Secrecy: How Diffie-Hellman Fails In Practice
Posted Oct 15, 2015
Authored by Eric Wustrow, J. Alex Halderman, Karthikeyan Bhargavan, Matthew Green, Pierrick Gaudry, David Adrian, Benjamin VanderSloot, Nadia Heninger, Drew Springall, Luke Valenta, Paul Zimmermann, Emmanuel Thome, Zakir Durumeric, Santiago Zanella-Beguelin

This paper investigates the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, they present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, the researchers implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, they can compute arbitrary discrete logs in that group in about a minute. They found that 82% of vulnerable servers use a single 512-bit group, allowing them to compromise connections to 7% of Alexa Top Million HTTPS sites. They go on to consider Diffie-Hellman with 768- and 1024-bit groups. They estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. They conclude that moving to stronger key exchange methods should be a priority for the Internet community.

tags | paper, web, arbitrary, protocol
SHA-256 | 34229b5a84df1c71f6a8f6c2fbd22fb444d37a13ea7fdfe2f50f3fe60983e984
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close