Logjam SSL/TLS Vulnerability: Time to FREAK Out Again?

Similar to FREAK, but Not as Bad?

Late last month, a security vulnerability similar to FREAK was announced. We noted the vulnerability, dubbed Logjam, in our weekly Security Roundup, but it didn’t get as much media attention as its cousin FREAK (or as good a branding campaign as Heartbleed). However, it’s still important as a reminder that cryptography does become obsolete over time (and that keeping your software up to date is thus crucial to security). It should also remind us (and people who should know better) that building anything less than the absolute strongest cryptography has bad side effects, since Logjam exploits flaws left in place from previous efforts to intentionally weaken encryption.

Keep reading to learn more about Logjam (and a few interesting facts about obsolete crypto).


Logjam vs FREAK

Both the FREAK (Factoring Attack on RSA-EXPORT Keys) vulnerability and Logjam are made possible by the retention of old export-quality ciphers (i.e. keys of less than 1024 bits). According to the Logjam report:

“The attack is reminiscent of the FREAK attack, but is due to a flaw in the TLS protocol, rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange, rather than an RSA key exchange.”

Here’s the conclusion from the rather lengthy white paper:

“The Diffie-Hellman key exchange is a cornerstone of many cryptographic protocols. Despite its relative simplicity and elegance, practical complications and technical debt over decades have left modern implementations vulnerable to attack from even low-resource adversaries. Additionally, due to a breakdown in communication between cryptographers and system implementers, there is evidence that suggests the way we are using Diffie-Hellman in today’s protocols is insufficient to protect against state-level actors. As we move to using newer key exchanges, it is important to ensure that our implementations and protocols remain adaptable and can be easily updated to the relevant dynamic changes in the underlying cryptographic requirements.”

(Also, since you’re wondering about the name: attackers crack a logarithm and then jam their own fake results into their messages. Again, not branded as well as Heartbleed, but the researchers had to work with what they found, we guess.)

Patches for Logjam Vulnerability

While many companies had already removed older exportable cipher suites with the announcement of the FREAK vulnerability, both browsers and servers need to be fixed again to prevent Logjam attacks. Microsoft, Google and Mozilla announced plans to ensure Logjam wouldn’t become a problem with their browsers. The researchers have helpfully provided an online resource (https://weakdh.org/) to test browsers. Unfortunately, when SSL.com tested currently up-to-date versions of the three major browsers, only Internet Explorer passed – both Chrome (as of version 43.0.2357.81) and Firefox (version 38.0.5) show as vulnerable to Logjam.

The discoverers have also provided a central site for how to fix Logjam issues in various server environments (located at https://weakdh.org/sysadmin.html).

Problem of Obsolete Cryptography

The Egyptians were the first humans known to have used cryptography (circa 1900 B.C.). Hundreds of years later, the Greeks learned about ciphers and how to use them to keep knowledge secret. The Arabs were the first to use modern cryptography techniques to protect information. Even without computers, they were able to use their advanced math skills to break older systems of cryptography as well as come up with new ways to encrypt information – techniques that were used from 800 A.D. until the Second World War.

Since the earliest days, cryptography has gone through consistent and constant changes as codes previously thought to be unbreakable were cracked and new ones devised. In the Information Age, with online commerce and security built on encryption, the problem is even worse. Computers have made it possible to break even very tough cryptography, and almost trivial to crack cryptographic methods invulnerable only a decade ago. This is why the recommended key size for best security keeps getting larger and larger – as computing technology increases in power, techniques to protect the data need to constantly evolve.

This also highlights the primary problem with the weaker cryptography used for export-grade software. U.S. politicians in the 1990s wanted to only export cryptography technology with fixed, intentionally-low key sizes, and stuck these weak keys into software through legislation. Decades later, this has created a problem that’s come back to bite us in a big way.

The SSL Takeaway

While the math behind today’s most used ciphers is strong and can’t be cracked currently, that doesn’t mean that it will still be safe in the future as more computing power becomes cheaper. No one can tell what’s on the horizon, but Logjam should remind you to make sure your software is updated – automatically if possible. With new vulnerabilities appearing all the time, it’s important to take steps to ensure your data is safe at all times.

Homework: If the P vs. NP problem gets solved, does modern cryptographic software become obsolete? If so, how?