LLMpedia: The first transparent, open encyclopedia generated by LLMs

Logjam (vulnerability)

Generated by GPT-5-mini
Note: This article was automatically generated by a large language model (LLM) from purely parametric knowledge (no retrieval). It may contain inaccuracies or hallucinations. This encyclopedia is part of a research project currently under review.
Name: Logjam
Discovered: 2015
CVE: CVE-2015-4000
Type: cryptographic downgrade / Diffie–Hellman
Affected: TLS implementations, OpenSSL, NSS, GnuTLS, Microsoft Schannel
Mitigation: server configuration, stronger primes, forward secrecy, software patches

Logjam (vulnerability) is a 2015 cryptographic vulnerability that exploited weaknesses in how Transport Layer Security negotiated Diffie–Hellman key exchange, allowing downgrade attacks that broke ephemeral key agreement for affected connections. Researchers showed that widely used 512-bit and some 1024-bit Diffie–Hellman parameters allowed an attacker to precompute discrete logarithms for the shared group and then decrypt intercepted sessions. The disclosure prompted coordinated responses from major projects and vendors including OpenSSL, Mozilla, Google, Microsoft Corporation, Amazon (company), and Apple Inc.

Background

The vulnerability builds on mathematical work in computational number theory and cryptography dating to the study of the discrete logarithm problem in groups used by Diffie–Hellman key exchange, first described by Whitfield Diffie, Martin Hellman, and contemporaries at institutions such as Stanford University and MIT. Prior attacks leveraged advances in algorithms like the number field sieve studied at École Normale Supérieure, Max Planck Institute projects, and cryptanalytic efforts historically associated with agencies such as the National Security Agency and research at Bell Labs. The practical aspects intersect with protocols and standards developed by Internet Engineering Task Force, deployments by Cloudflare, Facebook, Yahoo!, and enterprise stacks from Red Hat, Debian, and Microsoft Corporation.

Technical details

Logjam exploited a downgrade mechanism in Transport Layer Security and Secure Sockets Layer implementations that allowed an active man-in-the-middle to force a server and client into using weaker, export-grade ephemeral Diffie–Hellman parameters. The attack targeted the Diffie–Hellman key exchange, whose groups are defined by prime moduli: if a server offered a commonly used 512-bit or weak 1024-bit prime, an attacker could perform a one-time precomputation for that prime using number field sieve techniques, associated with research from École Polytechnique Fédérale de Lausanne and computational efforts like those at CWI, and then compute the discrete logarithm for individual handshakes. The cryptanalytic steps relate to the complexity classes studied at Princeton University and to algorithmic optimizations presented at academic conferences such as CRYPTO and EUROCRYPT. The weakness also interacted with the TLS cipher negotiation logic in OpenSSL, NSS (software), and GnuTLS.

Affected systems and products

Servers and clients using vulnerable TLS stacks were affected, notably configurations of OpenSSL, NSS (software), GnuTLS, Schannel on Microsoft Windows, and embedded TLS libraries deployed by vendors such as Cisco Systems, Juniper Networks, and F5 Networks. Large service providers including Google, Yahoo!, Amazon (company), Cloudflare, and content delivery networks relied on shared primes or supported export-grade ciphers, making websites hosted on infrastructures like Akamai Technologies and hosting providers running Apache HTTP Server and nginx susceptible. Browsers from Mozilla Foundation, Google Chrome, and Microsoft Edge were implicated through their TLS negotiation logic.

Impact and exploits

The immediate impact was that passive or active attackers with a suitable network vantage point (for example on wired networks overseen by infrastructure operators like AT&T or backbone providers such as Verizon Communications, or state-level actors historically linked to entities such as GCHQ and NSA) could decrypt or impersonate TLS-protected sessions. Demonstrations included interception of connections to popular domains and session hijacking against services operated by Dropbox, GitHub, and other platforms. The attack model resembled prior downgrade attacks like FREAK (vulnerability) and leveraged precomputation strategies reminiscent of large-scale cryptanalytic projects carried out at research institutions including University of California, Berkeley and ETH Zurich.

Mitigations and countermeasures

Short-term mitigations included disabling support for export-grade ciphers in OpenSSL, NSS (software), and GnuTLS, and configuring servers to use strong, unique Diffie–Hellman parameters of at least 2048 bits, as recommended by standards bodies such as National Institute of Standards and Technology and the Internet Engineering Task Force. Long-term countermeasures focused on adopting elliptic-curve Diffie–Hellman as in ECDHE modes used by TLS 1.2 and TLS 1.3, enabling perfect forward secrecy on platforms like Apache HTTP Server, nginx, and cloud platforms from Amazon Web Services and Google Cloud Platform, and rotating keys regularly in systems administered with tools from Red Hat and Canonical (company).
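As an added example (not code from the original article or from any of the projects it names), the Python audit below mirrors the mitigation just described and the weak-prime condition from the technical section: it parses a PEM-encoded PKCS#3 DH parameter file, reports the modulus size, and flags 512-bit export-grade groups, treating anything under the 2048-bit recommendation as weak. The sample parameters are constructed inline for the demonstration and are not real primes.

```python
import base64
import re
# PKCS#3 DHParameter is DER-encoded: SEQUENCE { INTEGER p, INTEGER g, ... }.
# The helpers below hand-roll just enough DER to write and read that structure.
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body            # long-form length

def _der_int(n: int) -> bytes:
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    if raw[0] & 0x80:                                   # keep the INTEGER positive
        raw = b"\x00" + raw
    return b"\x02" + _der_len(len(raw)) + raw

def _read_tlv(buf: bytes, pos: int):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2  # tag, length, then value
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def encode_dh_params(p: int, g: int) -> str:
    inner = _der_int(p) + _der_int(g)
    b64 = base64.b64encode(b"\x30" + _der_len(len(inner)) + inner).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN DH PARAMETERS-----\n{body}\n-----END DH PARAMETERS-----\n"

def parse_dh_params(pem: str):
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----", pem, re.S)
    der = base64.b64decode("".join(m.group(1).split()))
    tag, seq, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("expected SEQUENCE")
    tag_p, p_raw, pos = _read_tlv(seq, 0)
    tag_g, g_raw, _ = _read_tlv(seq, pos)
    if tag_p != 0x02 or tag_g != 0x02:
        raise ValueError("expected INTEGER p and g")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def classify_dh_prime(p: int, minimum_bits: int = 2048) -> str:
    bits = p.bit_length()      # policy: 512-bit is export-grade; 2048 is the recommended floor
    if bits <= 512:
        return "reject: export-grade (%d bits)" % bits
    if bits < minimum_bits:
        return "weak: below %d bits (%d bits)" % (minimum_bits, bits)
    return "ok (%d bits)" % bits

# Constructed sample: a 512-bit odd number standing in for an export-grade modulus (not a real prime).
SAMPLE_EXPORT_PEM = encode_dh_params((1 << 511) | 0x2F5B1, 2)
```

Pointing `parse_dh_params` at the `dhparam.pem` a server actually loads gives the same check an operator would run when auditing their own configuration.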

Discovery and disclosure

Logjam was publicized in 2015 by researchers associated with universities including Iowa State University, University of Michigan, and University of Pennsylvania, and technology labs such as Google Security and non-profit groups linked to EFF-style advocacy. The coordinated disclosure involved vendors and organizations like Microsoft Corporation, Mozilla Foundation, OpenSSL Software Foundation, and the Internet Engineering Task Force working through advisories and patches. The vulnerability received the Common Vulnerabilities and Exposures identifier CVE-2015-4000 and prompted security advisories from the CERT Coordination Center and national cyber centers in countries including the United Kingdom and the United States.

Reception and subsequent research

The security community, including researchers at conferences such as Black Hat, DEF CON, USENIX Security Symposium, and journals from ACM and IEEE, analyzed Logjam's implications for protocol design and national cryptographic standards. Follow-up studies examined the feasibility of 1024-bit precomputation, the economics of large-scale discrete-log attacks, and broader risks to legacy cryptography, engaging researchers at Stanford University, Princeton University, MIT, and ETH Zurich. The incident accelerated adoption of stronger parameters and TLS 1.3 deployment by vendors like Cloudflare and spurred standards activity in the IETF to prevent downgrade vectors in future protocols.

Category:Cryptographic vulnerabilities