Ξ welcome to cryptostorm's member forums ~ you don't have to be a cryptostorm member to post here Ξ
Ξ any OpenVPN configs found on the forum are likely outdated. For the latest, visit here or GitHub Ξ
Ξ If you're looking for tutorials/guides, check out the new https://cryptostorm.is/#section6 Ξ

[El Reg] 'Logjam' crypto bug could be how the NSA cracked VPNs

Industry news items concerning VPNs, darknets, crypto, surveillance and secure computing.
User avatar

Topic Author
parityboy
Site Admin
Posts: 1283
Joined: Wed Feb 05, 2014 3:47 am

[El Reg] 'Logjam' crypto bug could be how the NSA cracked VPNs

Postby parityboy » Wed May 20, 2015 6:12 pm

Johns Hopkins crypto researcher Matthew Green thinks he might have an explanation for how the NSA attacked VPN services: flaws in how TLS implements Diffie-Hellman crytography.

In what's bound to be the next big branded bug, Green says servers that support 512-key “export-grade” Diffie-Hellman (DH) can be forced to downgrade a connection to that weak level. The server – and therefore the client – will both still believe they're using stronger keys such as 768-bit or 1024-bit.

Like so many things – including the similar FREAK flaw – the bug is ancient: a 20-year-old SSL bug that was inherited by TLS.

Green has hosted a site discussing what's being called "Logjam", Weakdh.org, with a detailed academic paper here (PDF).

Source


VirtuosicVagabond
Posts: 9
Joined: Tue Dec 30, 2014 11:48 pm

Re: [El Reg] 'Logjam' crypto bug could be how the NSA cracked VPNs

Postby VirtuosicVagabond » Wed Jun 17, 2015 10:42 am

I find it baffling that Chrome and Firefox haven't been patched for Logjam, but IE is patched.

I also find it baffling that pj or someone else didn't reply to this topic.

User avatar

marzametal
Posts: 520
Joined: Mon Aug 05, 2013 11:39 am

Re: [El Reg] 'Logjam' crypto bug could be how the NSA cracked VPNs

Postby marzametal » Thu Jun 18, 2015 4:06 pm

Their silence in recent weeks (don't have Twitter so don't know if they are active on there) is a bit worrying. Got dramas in Windows 3rd party security software outbound connection requests, which no one on Wilders or MalwareTips wants to address... things are gonna' get hectic.


Return to “crypto, VPN & security news”

Who is online

Users browsing this forum: No registered users and 8 guests

Login