středa 24. června 2015
Jak nastavit TLS pro omezení důsledků exploitu "Logjam"
Na stránce : https://weakdh.org/sysadmin.html je návod, jak nastavit TLS pro omezení důsledků exploitu Logjam.
Podrobnější informace o pricipu a původu tohoto exploitu jsou na webu arstechnica.co:
"... The new attack, which its creators have dubbed Logjam, can be exploited against a subset of servers that support the widely used Diffie-Hellman key exchange, which allows two parties that have never met before to negotiate a secret key even though they're communicating over an unsecured, public channel...
... To exploit vulnerable connections, attackers must use the number field sieve algorithm to precompute data. Once they have completed that task, they can use it to perform man-in-the-middle attacks against vulnerable connections in real time. Using academic-level hardware, the researchers required just two weeks to generate data needed to attack the two most commonly called prime numbers 512-bit Diffie-Hellman uses to negotiate ephemeral keys. Those two data sets allow the attackers to compromise about 92 percent of sites supporting the export cipher. It wouldn't require much additional work to generate data needed to attack the remaining sites. ..."