Logjam attack


Jeremy Morse

Oct 17, 2015, 12:19:09 PM
to srobo...@googlegroups.com
Hi,

The logjam attack on TLS has been around for a while [0], and I haven't
been paying attention to much of it (thanks for eyeballing it Peter).
The summary is that people with nation-state resources can precompute
what are essentially rainbow tables for cracking certain TLS key exchanges.

This isn't really something we have to be concerned with as we're hardly
a high value target. However, websites like SSL labs [1] have been
scoring sites lower if they're vulnerable to logjam. So, I put a little
attention in.

The fix is to generate our own prime for use in key exchanges. I've just
done that now on a home machine. It's baked into puppet and will be on
any dev VMs people deploy. As far as I'm aware, there are no real
security implications from this.

(The end; I figure no-one cares but I may as well point out that we're
covered).

[0] https://weakdh.org/
[1] https://www.ssllabs.com/ssltest/analyze.html?d=studentrobotics.org&latest

--
Thanks,
Jeremy


Jeremy Morse

Jan 28, 2016, 10:32:48 AM
to srobo...@googlegroups.com
Hi,

A recent OpenSSL advisory (CVE-2016-0701) sounds like it overlaps with
this (Logjam) problem.

My reading of it is that, because we're using Diffie-Hellman only for
key negotiation, not for signing things, it doesn't affect our configuration
at all. Only digital signature stuff is affected.

(If someone else has a different reading, please do say).

--
Thanks,
Jeremy


Peter Law

Jan 28, 2016, 3:43:27 PM
to srobo...@googlegroups.com
My reading of the original report [1] is that this problem could
affect TLS connections (and this appears to be confirmed by a Red Hat
posting about it [2]). However, Ars [3] agree with you and further
state that Apache turns on the SSL_OP_SINGLE_DH_USE option which
avoids it entirely (a blog post by the apparent discoverer of the bug
[4] also states this).

While I wouldn't trust our security entirely to an Ars article, it
seems more likely that the above is missing something.

*further reading occurs*

As I understand it, the only way to *generate* one of the (requisite)
unsafe primes is when doing things related to key signing, though
their *use* anywhere could cause issues. If this is correct then we're
fine as we aren't (AFAIK) generating any such primes.

The thing I don't know, but which would have a bearing on this, is
whether we use one of the "static" DH cyphersuites (since they're
always vulnerable).

Thanks,
Peter

[1] https://www.openssl.org/news/secadv/20160128.txt
[2] https://access.redhat.com/security/cve/cve-2016-0701
[3] http://arstechnica.com/security/2016/01/high-severity-bug-in-openssl-allows-attackers-to-decrypt-https-traffic/
[4] http://intothesymmetry.blogspot.co.uk/2016/01/openssl-key-recovery-attack-on-dh-small.html
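Both threads come down to properties of the DH parameter file that `openssl dhparam` writes: Jeremy's fix for Logjam is a locally generated prime of adequate size, and Peter's reading of CVE-2016-0701 hinges on whether the prime is a *safe* prime (p and (p-1)/2 both prime), since only a non-safe prime gives the group the small subgroups that attack needs. The following is an added example, not code from this list or from Student Robotics' puppet config: it parses a "DH PARAMETERS" PEM (PKCS#3 `SEQUENCE { p INTEGER, g INTEGER }`), reports the bit length against a 2048-bit floor, tests for a safe prime with Miller-Rabin, and shows the range check that OpenSSL's `DH_check_pub_key` applies to a peer's public value. The 128-bit sample prime is constructed inside the block purely so the code runs offline; the sizes, seed and the `min_bits` threshold are the example's own assumptions.

```python
"""Validate an OpenSSL-style "DH PARAMETERS" PEM file (PKCS#3 DHParameter)."""
import base64
import random
import textwrap

_SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47)
_WITNESS_RNG = random.SystemRandom()  # witnesses from the OS CSPRNG


def is_probable_prime(n, rounds=32):
    """Trial division by small primes, then Miller-Rabin with random witnesses."""
    if n < 2:
        return False
    for sp in _SMALL_PRIMES:
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = _WITNESS_RNG.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def is_safe_prime(p):
    """p is a safe prime when both p and q = (p - 1) / 2 are prime."""
    return is_probable_prime(p) and is_probable_prime((p - 1) // 2)


def _der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(x):
    body = x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")
    if body[0] & 0x80:  # leading zero keeps the INTEGER positive
        body = b"\x00" + body
    return b"\x02" + _der_length(len(body)) + body


def encode_dh_params_pem(p, g):
    """Same PEM shape as `openssl dhparam`: SEQUENCE { p INTEGER, g INTEGER }."""
    body = _der_integer(p) + _der_integer(g)
    der = b"\x30" + _der_length(len(body)) + body
    b64 = base64.b64encode(der).decode("ascii")
    return ("-----BEGIN DH PARAMETERS-----\n" + "\n".join(textwrap.wrap(b64, 64))
            + "\n-----END DH PARAMETERS-----\n")


def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the definite-length TLV at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: next (length & 0x7F) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_dh_params_pem(text):
    inner = [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.startswith("-----")]
    der = base64.b64decode("".join(inner))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_bytes, nxt = _read_tlv(seq, 0)
    tag_g, g_bytes, _ = _read_tlv(seq, nxt)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p, g")
    return int.from_bytes(p_bytes, "big"), int.from_bytes(g_bytes, "big")


def check_dh_params(p, g, min_bits=2048):
    """Findings a defender wants before deploying the parameter file."""
    findings = []
    if p.bit_length() < min_bits:
        findings.append(f"prime is {p.bit_length()} bits; Logjam-style precomputation "
                        f"argues for at least {min_bits}")
    if not is_safe_prime(p):
        findings.append("prime is not a safe prime: the group has small subgroups, "
                        "the setting CVE-2016-0701 needs when a private value is reused")
    if not 1 < g < p - 1:
        findings.append("generator out of range")
    return findings


def check_peer_public(y, p):
    """For a safe prime the only small subgroups are {1} and {p-1}, so the range
    check 2 <= y <= p-2 rejects them (the check DH_check_pub_key performs)."""
    return 2 <= y <= p - 2


def generate_demo_safe_prime(bits, seed=2016):
    """Constructed demo input: a reproducible, far-too-small safe prime."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def demo():
    """Round-trip a constructed parameter file through encode, parse and check."""
    pem = encode_dh_params_pem(generate_demo_safe_prime(128), 2)
    p, g = parse_dh_params_pem(pem)
    return p, g, check_dh_params(p, g)


if __name__ == "__main__":
    p, g, findings = demo()
    print(f"p has {p.bit_length()} bits, g = {g}")
    for finding in findings:
        print(" -", finding)
```

Run it against a real file with `parse_dh_params_pem(open("dhparams.pem").read())`; a 2048-bit `openssl dhparam` output should come back with an empty findings list, while the constructed sample is flagged only for its size. The file check says nothing about which cipher suites the server offers, which is Peter's remaining question: static DH suites reuse the server's DH value by design, and the single-use behaviour that Ars attributes to `SSL_OP_SINGLE_DH_USE` applies to the ephemeral (DHE) suites only.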