mercredi 20 mai 2015

Logjam attack

A new wide-impact cryptographic attack has been published a few hours ago: Logjam.

It's an attack on the Diffie-Hellman key exchange mechanism, with impact:

  • on TLS/SSL if the EXPORT algorithms are still enabled and if Diffie-Hellman parameters are lower than 2048-bit long;
  • on SSH when old versions of OpenSSH are still in use.

For this personal web site I use 8192-bit Diffie-Hellman parameters for some times now, so even if it may seem a high value I can at least consider me as walking on the safe side. ;-)

I'm wondering how the Apache HTTPd users will get out of this particular risk: there is no way to select a fixed set of Diffie-Hellman parameters in the configuration, even in the 2.4 versions (the DH length is automatically chosen based on the length of the key in the certificate, see Ivan Ristić's explanation). Final thought on this subject: Nagios NRPE (the Nagios monitoring agent) still uses 512-bit DH parameters with ADH for the "security" of its communication with the monitoring station...