Not again! Another legacy encryption flaw could explain how the NSA and co cracked encrypted communications
Microsoft and a number of academics have revealed another legacy vulnerability to do with encryption algorithms.
The find comes after the recent discovery of another legacy encryption vulnerability, dubbed “FREAK”, back in March this year.
The latest SSL flaw however has been called the LogJam attack vulnerability by Microsoft Research, which teamed up with a number of American and French universities including John Hopkins, the University of Pennsylvania, and INRIA Paris-Rocquencourt.
Like the FREAK vulnerability, the LogJam flaw dates back to the 1990s, when the United States maintained export restrictions on encryption technology. Indeed, the US had until 1999, banned companies from shipping any products overseas that contained strong encryption, as it deemed encryption to be a munition. But it had allowed the exportation of weaker and more breakable “export-grade encryption”.
The new flaw is potentially very serious indeed, as the researchers claim that it affects about 8 percent of the top one million HTTPS security-protected websites. This potentially means that one is every ten websites that people believe are secure, can contain this vulnerability.
The LogJam flaw concerns SSL communication, whereby a user assumes that their web browsing is secured by the presence of the padlock icon in the address bar of the web browser. Essentially the LogJam flaw affects an algorithm called the “Diffie-Hellman key exchange”. This algorithm allows protocols such as HTTPS, SSH, IPsec, SMTPS to negotiate a shared key and create a secure connection when browsing.
The Diffie-Hellman key exchange algorithm can be compromised by a “man-in-the-middle” attack, which would allow the attackers to downgrade a connection to a 512-bit encryption. Whilst 512-bit encryption is certainly better than 256-bit encryption, it is not strong enough to resist the computing resources of government agencies such as the NSA or GCHQ for example.
Indeed, it is thought that those government agencies have the supercomputing power to crack 512-bit encryption in just a few minutes. And it is worth noting that the NSA is widely believed to be capable of breaking 1024-bit encryption as well.
“In the 1024-bit case, we estimate that such computations are plausible given nation-state resources, and a close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” wrote the researchers.
“The Diffie-Hellman key exchange is a cornerstone of many cryptographic protocols,” they said. “Despite its relative simplicity and elegance, practical complications and technical debt over decades have left modern implementations vulnerable to attack from even low-resource adversaries. Additionally, due to a breakdown in communication between cryptographers and system implementers, there is evidence that suggests the way we are using Diffie-Hellman in today’s protocols is insufficient to protect against state-level actors.”
The good news is that web browser companies are already working on fixes, by effectively blocking weaker 512-bit or weaker encryption keys.
But it should be noted that users may not be able to access certain websites after they upgraded their browser. Indeed, the Wall Street Journal estimates that 20,000 websites could be blocked by the patched browsers.
“The solution is relatively simple – you disable this legacy function on your system,” Prof Alan Woodward, a cybersecurity expert at the University of Surrey, was quoted by the BBC as saying.
“Unfortunately, some older web servers might then be prevented from starting a secure conversation with the updated web browsers as they would support only that older, shorter, weaker key lengths,” Professor Woodward said. “But do you really want this backward compatibility if it means others could be forced to use this weaker form of encryption?”
What do you know about Internet security? Find out with our quiz!