As I understand it, the Logjam TLS attack is an attack that downgrades the DHE cipher suite used by the server to DHE_EXPORT, where the client thinks it is talking DHE 512 and the server thinks it's talking DHE_EXPORT (which is 512 but with a different name?).

It is not possible to downgrade to a lower (weaker) bit DHE cipher: it is just a cipher downgrade.

schroeder
Wealot

1 Answer

In the Logjam attack, the client presents a list of cipher suites (including some strong ciphers and EXPORT ciphers as well). A man-in-the-middle attack will change this request such that the highest-grade cipher in the request becomes the EXPORT-grade cipher.

The server doesn't want to reject this request (it could be an eCommerce website, and the server doesn't want to lose business), so the shared secret is derived using the export-grade cipher suite, which can be broken if that prime group is sieved using GNFS.

Check out this video; it's a long one, but it's from the authors of Logjam: https://www.youtube.com/watch?v=mS8gm-_rJgM

schroeder
Chits
  • So it is correct that it is only logjam if the EXPORT cipher suite is used in exploitation/is allowed by the server? – Wealot Jul 04 '17 at 13:24
  • Cannot confirm, because it could be a legitimate request from the client, but nowadays browsers are cautious and never fall back to these cipher suites; in fact, the 1024-bit key size is getting phased out. As per NIST, key length should be of size 2048 or more from 2013 onwards. http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-131a.pdf – Chits Jul 04 '17 at 15:07
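
A client-side size check on the Diffie-Hellman group the server actually sends, as an added example that is not part of the original thread: it parses the `ServerDHParams` structure (`dh_p`, `dh_g`, `dh_Ys`, each a 2-byte length-prefixed vector) from a TLS ServerKeyExchange body and rejects export-sized or undersized primes. The function names, the thresholds and the sample values are assumptions of this example.

```python
import struct

# Policy assumptions of this example: 512 bits is the export-grade size
# discussed in the thread; 2048 is the NIST figure quoted in the comment.
EXPORT_BITS = 512
MIN_BITS = 2048

def read_vector(buf, offset):
    """Read one TLS opaque<1..2^16-1> vector: 2-byte big-endian length + data."""
    if offset + 2 > len(buf):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from("!H", buf, offset)
    start, end = offset + 2, offset + 2 + length
    if length == 0 or end > len(buf):
        raise ValueError("bad vector length")
    return buf[start:end], end

def parse_server_dh_params(body):
    """Parse dh_p, dh_g, dh_Ys; trailing bytes (the signature) are ignored."""
    p, off = read_vector(body, 0)
    g, off = read_vector(body, off)
    ys, off = read_vector(body, off)
    return int.from_bytes(p, "big"), int.from_bytes(g, "big"), int.from_bytes(ys, "big")

def classify_group(body, min_bits=MIN_BITS):
    """Return (verdict, prime_bits) for the group in a ServerKeyExchange body."""
    p, g, ys = parse_server_dh_params(body)
    bits = p.bit_length()
    if not 1 < ys < p - 1:
        return "reject: invalid public value", bits
    if bits <= EXPORT_BITS:
        return "reject: export-grade group", bits
    if bits < min_bits:
        return "reject: below minimum size", bits
    return "accept", bits

def build_params(p, g, ys):
    """Encode integers as ServerDHParams, used here to construct sample input."""
    def vec(n):
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        return struct.pack("!H", len(raw)) + raw
    return vec(p) + vec(g) + vec(ys)

# Constructed values: not real primes, only their sizes matter for this check.
WEAK = build_params((1 << 511) | 1, 2, 5)
STRONG = build_params((1 << 2047) | 1, 2, 5)
```

The check looks at the prime the server sent rather than at the negotiated suite name, so it still fires when the client believes it negotiated ordinary DHE.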