Diffie-Hellman Key Exchange is a popular encryption algorithm.
The disclosed information about the Logjam Vulnerability (a variant of the FREAK vulnerability) has been sent to the browser manufacturer. The administrators of large websites are busy updating and repairing the websites they manage.
Currently, only Microsoft's IE browser has patch updates for this vulnerability.
Transport Layer Security (TLS) is used to encrypt the communication information between the browser and the website server. The Logjam vulnerability still exists in this Protocol. Hackers can intercept themselves in between users and servers, the original secure communication information can be intercepted. The most typical attack method is to launch MITM attacks in public Wi-Fi hotspots, then hackers can use this long-standing vulnerability to easily crack the intercepted information.
Similar to the FREAK vulnerability, Logjam (this vulnerability is exposed by an international team of experts from Microsoft, the University of Michigan, INRIA, and a French Research Institute) the vulnerability is closely related to a long-abandoned encryption standard, which was once the only one that is eligible to be released by the United States.
Encryption keys can be quickly cracked by ready-made software and purchased cloud computing services.
The difference between Logjam and FREAK is that it allows attackers to fool the Web server and make the server think that its current key is a robust encryption key, in fact, this is not the case.
Weakdh.org is an information website established by the Logjam team. On the client side, you can visit weakdh.org to check whether your browser has this vulnerability. When you access this website, a message will pop up on the screen, or "Good news! Your web browser will not be attacked by Logjam !", Or "warning! Your web browser cannot defend against Logjam attacks, and the browser will use a weak password after being cheated. You should upgrade your browser immediately ."
Computerworld tests Logjam on several mainstream browsers. The following are the test results.
The researchers described in detail in their technical report (Download PDF), although other browser manufacturers have been notified and are working on patching, however, at present, only Microsoft's IE browser (especially IE11, which is the version used for Computerworld testing) carries out patch updates.
Microsoft in May 12 issued a security bulletin MS15-055, the statement has been on the IE browser patch repair.
Testing on the server is even more boring. Diffie-Hellman Key Exchange is a popular encryption algorithm, and the Logjam team has published an article to show you how to deploy the Diffie-Hellman key exchange function at the underlying layer, in addition, a quick server is tested.
You can enter the domain name of any website in the text box of the webpage to view the result. The best result is "good news! This website will not be attacked by Logjam. It supports ECDHE and does not use DHE ."
The researchers described in detail in their technical report (Download PDF), although other browser manufacturers have been notified and are working on patching, however, at present, only Microsoft's IE browser (especially IE11, which is the version used for Computerworld testing) carries out patch updates.
Microsoft in May 12 issued a security bulletin MS15-055, the statement has been on the IE browser patch repair.
Testing on the server is even more boring. Diffie-Hellman Key Exchange is a popular encryption algorithm, and the Logjam team has published an article to show you how to deploy the Diffie-Hellman key exchange function at the underlying layer, in addition, a quick server is tested.
You can enter the domain name of any website in the text box of the webpage to view the result. The best result is "good news! This website will not be attacked by Logjam. It supports ECDHE and does not use DHE ."