Over the past year was discovered several methods of attack on the encrypted channels, based on the decrease in the length of the keys to the export level (512-bit). One of them, LogJam, potentially allowing attacker, unlimited in resources, read and modify data, which are supposed to be protected.
Danger of Logjam-attack, which aims to Diffie – Hellman has been questioned, however, Mozilla has decided not to risk and last week introduced in Firefox blocking connections to servers that support the DHE_EXPORT codes. In a brief blog entry, the company said that in order to enhance the Firefox user privacy minimum key size will be increased to 1023 bits for the TLS handshake, using a key exchange scheme Diffie – Hellman.
“The configuration of some servers does not involve the using of sufficiently strong keys, – writes a programmer from Mozilla David Keeler. – If a user tries to connect to this server, it will display an error ssl_error_weak_server_ephemeral_dh_key ».
Crypto keys of export class – an artifact that exists from the time of crypto battles, when the US government deliberately weakened encryption strength for products shipped out of the country.
Directive of weak ciphers for export has long been recognized outdated, but some SSL-clients and servers still support, as demonstrated by the authors of the attacks FREAK, Logjam and DROWN.
Nevertheless there is a perception that currently exploit that can cause significant damage to an encrypted connection, a force of only experienced and well-funded hackers or intelligence agencies like the NSA. Thus, the authors Logjam in own report pointed out that breaking a 512-bit prime number used for the TLS, can reduce the encryption strength from 80% of servers supporting DHE_EXPORT, however, a group funded by the state can threaten on a 1024-bit and finally listen to the connection to 18% of the million most popular HTTPS-sites.
The second will allow decipher connection of 66% VPN-servers and 26% SSH-servers. Reality check carried out by other cryptographers showed that these estimates are likely to greatly overstated.