According to the Diffie-Hellman key exchange get affected by logjam, and openID uses this to establish an association. So how this going to affect OpenID?
Asked
Active
Viewed 232 times
2
-
I would checkout [this question/answer](http://security.stackexchange.com/questions/89689/what-is-logjam-and-how-do-i-prevent-it?s=1|1.2437) for details on Logjam – RoraΖ May 21 '15 at 13:00
1 Answers
2
logjam is not (even remotely) a break of the Diffie-Hellman key exchange method. It is a weakness of the TLS protocol. It affects only sessions, not credentials. It will soon be fixed. I estimate zero impact on OpenID. The "bad guys" cannot do MITM, only governments and ISPs could (in principle) do MITM.
Atsby
- 1,098
- 7
- 6
-
1No longer "in principle". -> Wiki: [Quantum Insert](https://en.wikipedia.org/wiki/Tailored_Access_Operations#QUANTUM_attacks) – StackzOfZtuff May 21 '15 at 10:19
-
-
There are plenty of opportunities for even run of the mill bad guys to MITM... Running rogue hotspots in hotels/airports/etc... makes it very easy to achieve... – Bruno Rohée Oct 16 '15 at 17:31