
AB - 25/05/2015

Logjam: a new security flaw in cryptographic algorithms

A new vulnerability, Logjam, in the SSL and TLS cryptographic protocols, which affects approximately 8% of the Internet, has been discovered. This discovery results from the work of researchers at Microsoft Research, Johns Hopkins University, the University of Michigan, the University of Pennsylvania and Inria.

The Internet was already shaken up in March 2015 by the FREAK attack carried out by the Prosecco team at Inria Paris. Now comes the new Logjam attack, which degrades the security of connections based on the Diffie-Hellman algorithm. “By accessing the initial exchanges (the handshake) between the server and the client, we are able to degrade the security of the connection by reducing it to 512 bits,” explains Pierrick Gaudry, CNRS Director of Research and head of the Caramel team at Inria's Nancy-Grand Est Centre.

Karthik Bhargavan, head of the Prosecco team and a member of the group of researchers who discovered the vulnerability, explains: “First of all, some 8% of popular websites use weak cryptographic parameters that can be hacked in a few weeks by a recent computer. If you are on one of these sites using public Wi-Fi, anyone nearby can access your data. Secondly, we think that cryptographic parameters currently used on the Internet can be hacked by government agencies with access to supercomputers. This means that many of your connections (e-mail, web, VPN) can be read by these agencies, even if you use secure communication protocols.”

The attack was possible in large part because of now-obsolete U.S. regulations that prohibited the export of cryptographic software that was too secure. The Transport Layer Security (TLS) protocol inherited a number of “genetic defects”, including this export mode, which is still activated on far too many servers. Hundreds of thousands of web servers are affected by this vulnerability. Researchers describe measures to take to correct it at

The researchers also note that this discovery was made possible by the CADO-NFS software, which was designed and developed primarily by the Caramel team and is used to factor integers and compute discrete logarithms. This functionality is at the heart of the Logjam attack. “It takes place in two phases,” explains Emmanuel Thomé, Inria researcher on the Caramel team. “In the first phase, we perform a preliminary calculation that lasts about a week on an average-sized cluster. The result of this preliminary calculation is a file which is then used in the second phase to attack any session in several tens of seconds.”

“Now we must see what can be learned from the FREAK and Logjam vulnerabilities,” concludes Pierrick Gaudry. Indeed, for compatibility reasons, numerous protocols are unnecessarily complex, which can give rise to numerous vulnerabilities. The discovery of these vulnerabilities will thus oblige designers to clean up their systems. To ensure greater security on the web, key size must exceed 1024 bits.
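The downgrade to a 512-bit Diffie-Hellman group described by Pierrick Gaudry, and the 1024-bit threshold given just above, can both be checked from the server side of the handshake. The following is an added example, not code from the article or from the research teams: it parses the ServerDHParams structure (three 2-byte-length-prefixed integers p, g, Ys) that opens a TLS ServerKeyExchange message and classifies the group by the bit length of p. The sample message is constructed here; its 512-bit p is a placeholder value, not a real prime or any real server's group.

```python
import struct

# Thresholds taken from the article: 512-bit export-grade groups are
# breakable, and keys must exceed 1024 bits to be considered safe.
EXPORT_GRADE_BITS = 512
MINIMUM_SAFE_BITS = 1024


def parse_server_dh_params(body: bytes) -> dict:
    """Parse ServerDHParams at the start of a ServerKeyExchange body.
    Layout: len(p) | p | len(g) | g | len(Ys) | Ys, lengths big-endian 2 bytes.
    Raises ValueError on a truncated message rather than guessing."""
    fields = {}
    offset = 0
    for name in ("p", "g", "Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before length of {name}")
        (length,) = struct.unpack("!H", body[offset:offset + 2])
        offset += 2
        if offset + length > len(body):
            raise ValueError(f"truncated inside {name}")
        fields[name] = int.from_bytes(body[offset:offset + length], "big")
        offset += length
    fields["rest"] = body[offset:]  # signature etc., not needed for the audit
    return fields


def classify_dh_group(p: int) -> str:
    """Rate a DH prime by size alone, using the article's thresholds."""
    bits = p.bit_length()
    if bits <= EXPORT_GRADE_BITS:
        return "export-grade"
    if bits <= MINIMUM_SAFE_BITS:
        return "weak"
    return "acceptable"


def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Inverse of the parser; used only to build the constructed sample."""
    out = b""
    for value in (p, g, ys):
        raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out


# Constructed sample: a 512-bit odd value standing in for an export-grade
# prime (NOT a real prime), generator 2, a dummy Ys, and two trailing bytes.
SAMPLE_P_512 = (1 << 511) | 0x1234567
SAMPLE_BODY = encode_server_dh_params(SAMPLE_P_512, 2, 0xABCDEF) + b"\x00\x00"


def audit(body: bytes) -> tuple:
    """Return (bit length of p, classification) for one ServerKeyExchange."""
    params = parse_server_dh_params(body)
    return params["p"].bit_length(), classify_dh_group(params["p"])
```

A handshake whose p audits as "export-grade" even though the client never offered an export cipher suite is the downgrade pattern the article describes.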

The security requirements for most of the software layers on the Internet are currently being upgraded as protection against Logjam. Since increasing key size has a certain cost, another option is to switch to elliptic curves, which require smaller keys and shorter calculation time for the same level of security.

It's a solution that will save time and money while improving security.

Keywords: Inria Paris PROSECCO project-team Caramel Inria Nancy - Grand Est