Skip to content

‘Logjam’ crypto bug could be how the NSA cracked VPNs


Johns Hopkins crypto researcher Matthew Green thinks he might have an explanation for how the NSA attacked VPN services: flaws in how TLS implements Diffie-Hellman crytography.

In what’s bound to be the next big branded bug, Green says servers that support 512-key “export-grade” Diffie-Hellman (DH) can be forced to downgrade a connection to that weak level. The server – and therefore the client – will both still believe they’re using stronger keys such as 768-bit or 1024-bit.

Like so many things – including the similar FREAK flaw – the bug is ancient: a 20-year-old SSL bug that was inherited by TLS.

Green has hosted a site discussing what’s being called “Logjam”,, with a detailed academic paper here (PDF).

Green’s already been in touch with the major browser vendors, and says they’re in the process of implementing a more restrictive policy on the size of Diffie-Hellman groups they will accept.

Logjam is another exploit of the 1990s-era crypto-wars: “To comply with 1990s-era U.S. export restrictions on cryptography, SSL 3.0 and TLS 1.0 supported reduced-strength DHE_EXPORT ciphersuites that were restricted to primes no longer than 512 bits”, the paper notes.

Because “export grade” hangs around in ciphersuites, “a man-in-the-middle can force TLS clients to use export strength DH with any server that allows DHE_EXPORT.”

“The attack affects any server that supports DHE_EXPORT ciphers, and affects all modern web browsers. 8.4% of the Top 1 Million domains were initially vulnerable,” Green writes at the Logjam site.

logjam test

Where 512-bit keys are supported, after an initial long computation, Green writes that “an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18 per cent of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66 per cent of VPN servers and 26 per cent of SSH servers.”

That’s where the spooks come in: “A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break.”


White Paper

One Comment
  1. Reblogged this on TheFlippinTruth.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: