Have you ever made a transaction on your bank’s website? Do you feel 100% secure when using an HTTPS encrypted connection? Well, you shouldn’t. A recent publication  proves how the encryption behind HTTPS may fail in practice. You better read what’s next.
Related post: Do Quantum Computers Mean the End of HTTPS?
HTTP over TLS (also called HTTPS) ensures a secure communication between two parties by using a cryptographic protocol called TLS (Transport Layer Security) – successor of SSL. TLS expects two parties (Client and Server) to negotiate a stateful connection by using a handshaking procedure. During this phase, a session key must be generated for encrypting all messages in the communication session. Generally, in order to generate this key, the client uses the Diffie-Hellman key exchange, an algorithm which allows two parties to exchange cryptographic keys over a public channel.
The Diffie-Hellman method expects two entities to agree upon the usage of a public prime number p and a public prime base g, part of a cyclic group G. Given a and b are two numbers secretly and independently chosen by the two parties, one entity sends ga mod (p), the other sends gb mod (p) and each can compute a shared secret key gab mod (p). An attacker who can find the discrete log(x) from y = gxmod (p) can easily find the shared secret key. However, there is no known efficient algorithm for solving that problem. Thus, by imposing the order of G to a very large prime factor, the complexity of the problem is high enough to prevent attackers from obtaining a or b.
This publication released last October 2015 introduces the existence of an attack named Logjam, able to exploit the security vulnerability (CVE-2015-4000) released in March 2015, which allows the hackers to break a TLS connection using a 512-bit prime key. This is possible because of the algorithm used to solve the aforementioned discrete logarithm. Actually, it has been proved that the first three computational steps of the four necessary for solving that equation depend only on the order of G, and not on the specific number. Thus, by pre-computing those steps for all the single 512-bit primes in about a week, it is possible to solve the fourth step of the algorithm in about a minute, thereby having the key to decrypt the connection. The researchers found 8.4% of HTTPS - TOP 1 Million Domains being vulnerable because they use a 512-bit prime key.
Researchers found that 18% of HTTPS - TOP 1 Million Domains and 25% of SSH Servers are using 1024-bit primes instead to encrypt their connections. The researchers estimated the cost of creating logjam precomputation for one 1024-bit prime at hundreds of millions of US Dollars. Given the $10.5 billion allocated by the US Government for the Consolidated Cryptologic Program of 2012 and taking the claims of leaked NSA papers released by Snowden, the researchers speculate that the NSA can break much of current crypto.
First of all, update your browser, since all of them (IE in May 2015, Safari and Mozilla in June 2015, Chrome in September 2015) have provided fixes for defeating this vulnerability. Then if you run a server, you should disable support for export cipher suites and use a 2048-bit Diffie-Hellman Group.
So what should we learn from this? As is always the case in security, the mathematics work but the implementation and configuration are the weakest links in the chain most of the time.