Sites Inria

Version française


Related team: PROSECCO / CARAMEL - 9/06/2015

Logjam: a new security flaw in cryptographic algorithms

Karthik Bhargavan

In March, the Internet was thrown into turmoil by the FREAK attack discovered by the PROSECCO team. Following the discovery of the Logjam vulnerability, Karthik Bhargavan, who heads this team (focusing on verifying the cryptographic mechanisms used to secure internet communication: cryptographic protocols, smart cards, secure flash drives, encrypted databases, etc.) and who is one of the researchers who worked on the discovery, told us about it in more detail.

Can you explain what LogJam is?

"Logjam is a new vulnerability in TLS, the cryptographic protocol used to protect all websites that begin with https:// "

Along with a team of researchers (from INRIA, LORIA, Microsoft Research, University of Michigan, University of Pennsylvania and Johns Hopkins University) we found that this vulnerability can be used by an attacker to break into connections that were previously considered strongly secure.


What are the risks entailed with this new vulnerability?

There are two sides to Logjam.

First, we find that about 8% of popular websites support weak cryptographic parameters that can be broken by anyone with a few weeks of computation on a modern desktop computer. This means that your connections to these websites can be broken into by anyone who sits in the same wi-fi café.

Second, we speculate that some commonly used cryptographic parameters on the Internet can be broken by state-level agencies with access to supercomputers. This would mean that many of your online connections (email, web, VPN) can be read by powerful agencies, even if you use secure communication protocols.


Is the LogJam attack similar to FREAK, another vulnerability discovered recently?

Both FREAK and Logjam are concerned with the continued use of obsolete export-grade cryptography from the 1990s. FREAK exploits an implementation bug and attacks connections based on the RSA algorithm. Logjam, on the other hand, uncovers a flaw in the TLS protocol itself and attacks connections based on the Diffie-Hellman algorithm.

It is worth noting that while the use of RSA in TLS has been subject to previous attacks, Diffie-Hellman was previously highly-recommended because of its strong "forward" secrecy guarantees. Logjam shows that this recommendation was flawed.

  • Related team: PROSECCO / CARAMEL

Keywords: LogJam CARAMEL PROSECCO Cryptography FREAK TLS Protocol