Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security 2015
DOI: 10.1145/2810103.2813707
|View full text |Cite
|
Sign up to set email alerts
|

Imperfect Forward Secrecy

Abstract: We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
1
1
1
1

Citation Types

0
24
0
2

Year Published

2016
2016
2022
2022

Publication Types

Select...
5
3
1

Relationship

0
9

Authors

Journals

citations
Cited by 269 publications
(26 citation statements)
references
References 45 publications
0
24
0
2
Order By: Relevance
“…Cryptosystems offering 80 bits of security or less, which were phased out in 2011-2013, are at the greatest risk: they can be broken now at a cost ranging from tens of thousands to hundreds of millions of dollars [12,13,14,15]. Cryptosystems offering 112 bits of security are likely to remain secure for some time: they may be breakable for a budget of a billion dollars in 30 to 40 years 3 (using classical computers).…”
Section: The Path Forwardmentioning
confidence: 99%
“…Cryptosystems offering 80 bits of security or less, which were phased out in 2011-2013, are at the greatest risk: they can be broken now at a cost ranging from tens of thousands to hundreds of millions of dollars [12,13,14,15]. Cryptosystems offering 112 bits of security are likely to remain secure for some time: they may be breakable for a budget of a billion dollars in 30 to 40 years 3 (using classical computers).…”
Section: The Path Forwardmentioning
confidence: 99%
“…More information about the topic may be found on specialized web pages, such as open-source project called OpenSSL (2016c), specialized webpages and technical papers about DROWN attack (Aviram et al, 2016) or about Diffie-Hellman key exchange (Adrian et al, 2015).…”
Section: Test Resultsmentioning
confidence: 99%
“…They want to be able to decrypt traffic that is inside their networks. So they asked the TLS WG to restore some of the removed cipher suites or provide some other mechanism to support their internal network requirements (Checkoway, ; see also Adrian et al, ).…”
Section: Why Code Is Not Law: Two Case Studiesmentioning
confidence: 99%