{"id":15197,"date":"2015-05-20T15:25:50","date_gmt":"2015-05-20T20:25:50","guid":{"rendered":"http:\/\/bucktownbell.com\/?p=15197"},"modified":"2015-05-20T18:54:08","modified_gmt":"2015-05-20T23:54:08","slug":"logjam-how-diffie-hellman-fails-in-practice","status":"publish","type":"post","link":"http:\/\/bucktownbell.com\/?p=15197","title":{"rendered":"Logjam: How Diffie-Hellman Fails in Practice"},"content":{"rendered":"<blockquote><p>We have published a technical report, <a href=\"https:\/\/weakdh.org\/imperfect-forward-secrecy.pdf\"><b>Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice<\/b><\/a>, which has specifics on these attacks, details on how we broke the most common 512-bit Diffie-Hellman group, and measurements of who is affected. We have also published several <b><a href=\"https:\/\/weakdh.org\/logjam.html\">proof of concept demos<\/a><\/b> and a <b><a href=\"https:\/\/weakdh.org\/sysadmin.html\">Guide to Deploying Diffie-Hellman for TLS<\/a><\/b>.<\/p><\/blockquote>\n<p>Source: <em><a href=\"https:\/\/weakdh.org\/\">Logjam: How Diffie-Hellman Fails in Practice<\/a><\/em><\/p>\n<blockquote>\n<h3 id=\"sysadmin\">What should I do?<\/h3>\n<h4>If you run a server\u2026<\/h4>\n<p>If you have a web or mail server, you should disable support for export cipher suites and generate a unique 2048-bit Diffie-Hellman group. We have published a <b><a href=\"https:\/\/weakdh.org\/sysadmin.html\">Guide to Deploying Diffie-Hellman for TLS<\/a><\/b> with step-by-step instructions. If you use SSH, you should upgrade both your server and client installations to the most recent version of OpenSSH, which prefers Elliptic-Curve Diffie-Hellman Key Exchange.<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>We have published a technical report, Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice, which has specifics on these attacks, details on how we broke the most common 512-bit Diffie-Hellman group, and measurements of who is affected. We have also &hellip; <a href=\"http:\/\/bucktownbell.com\/?p=15197\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[284],"tags":[338,1125,104,312],"class_list":["post-15197","post","type-post","status-publish","format-standard","hentry","category-servers","tag-encryption","tag-exploit-vector","tag-howto","tag-ssltls"],"_links":{"self":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/15197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=15197"}],"version-history":[{"count":1,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/15197\/revisions"}],"predecessor-version":[{"id":15198,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=\/wp\/v2\/posts\/15197\/revisions\/15198"}],"wp:attachment":[{"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=15197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=15197"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/bucktownbell.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=15197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}