Logjam (computer security)

Logjam is a security vulnerability in systems that use Diffie–Hellman key exchange with the same prime number. It was discovered by a team of computer scientists and publicly reported on May 20, 2015.^[1] The discoverers were able to demonstrate their attack on 512-bit (US export-grade) DH systems. They estimated that a state-level attacker could do so for 1024-bit systems, then widely used, thereby allowing decryption of a significant fraction of Internet traffic. They recommended upgrading to at least 2048 bits for shared prime systems.^[2]^[3]^[4]

^ "The Logjam Attack". weakdh.org. 2015-05-20. Archived from the original on 2021-03-29. Retrieved 2015-05-20.
^ Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica. Archived from the original on 2017-05-19. Retrieved 2022-04-30.
^ Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet. Archived from the original on 2015-05-23. Retrieved 2015-05-23.
^ Valentino-DeVries, Jennifer (2015-05-19). "New Computer Bug Exposes Broad Security Flaws". The Wall Street Journal. Archived from the original on 2022-02-24. Retrieved 2022-04-30.

[paper-1] "The Logjam Attack". weakdh.org. 2015-05-20. Archived from the original on 2021-03-29. Retrieved 2015-05-20.

[2] Dan Goodin (2015-05-20). "HTTPS-crippling attack threatens tens of thousands of Web and mail servers". Ars Technica. Archived from the original on 2017-05-19. Retrieved 2022-04-30.

[3] Charlie Osborne (2015-05-20). "Logjam security flaw leaves top HTTPS websites, mail servers vulnerable". ZDNet. Archived from the original on 2015-05-23. Retrieved 2015-05-23.

[4] Valentino-DeVries, Jennifer (2015-05-19). "New Computer Bug Exposes Broad Security Flaws". The Wall Street Journal. Archived from the original on 2022-02-24. Retrieved 2022-04-30.

[1]

[2]

[3]

[4]