Technology

LogJam encryption flaw fix will block some websites

Padlock sign Image copyright Thinkstock
Image caption The LogJam attack vulnerability could mean encrypted communications could still be spied upon

Web-browser makers are preparing a fix for a flaw in an encryption algorithm that makes it possible to spy on supposedly secure communications.

However, the updates will mean a minority of websites will be blocked by the new software.

The "LogJam attack" was discovered by researchers at Microsoft and a number of US and French universities.

They believe about 8% of the top one million HTTPS security-protected sites are made vulnerable by the flaw.

Users would therefore be given false reassurance by the padlock icon that such sites display in a browser's address bar.

Some email servers and services that use the Transport Layer Security (TLS) cryptographic protocol are also at risk of being hacked until their operators update their systems.

Export controls

The LogJam attack vulnerability is a legacy of the US 1990s-era export restrictions on cryptographic tools.

These limited the complexity of the secret encryption codes that could be generated by "international versions" of US-made software, including Netscape's web browser.

The export rules were later relaxed, but the researchers say an unintended consequence is that a commonly used process, called a Diffie-Hellman key exchange, can be compromised by a "man-in-the-middle" attack.

Image copyright Thinkstock
Image caption The flaw allows hackers to make target systems use a weaker than desired encryption key

A Diffie-Hellman key exchange was one of the first techniques developed to allow two or more parties to create and share an encryption key by exchanging parts of the key in public.

What the researchers discovered was that by intercepting the communications, a hacker could ensure a 512-bit key was used rather than a more complicated one.

In this context, 512-bit means there are two to the power of 512 possible combinations - representing a huge number.

Nevertheless, the researchers said it was still possible for computers to crack such codes in "minutes".

Even more complicated types of encryption were susceptible to cyber-spies using supercomputers at the National Security Agency, they added.

"In the 1024-bit case, we estimate that such computations are plausible given nation-state resources, and a close reading of published NSA leaks shows that the agency's attacks on VPNs [virtual private networks] are consistent with having achieved such a break," they wrote.

Nevertheless, the fix that web-browser makers have agreed on is that their software should block 512-bit or weaker encryption keys.

Image caption Users may not be able to access some website after they upgrade their browser

"The solution is relatively simple - you disable this legacy function on your system," said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.

"Unfortunately, some older web servers might then be prevented from starting a secure conversation with the updated web browsers as they would support only that older, shorter, weaker key lengths.

"But do you really want this backward compatibility if it means others could be forced to use this weaker form of encryption?

"Browsers can be updated and servers can be reconfigured easily, and it really is no bad thing to force this to happen bearing in mind the alternative is that a 'secure connection" could potentially be broken by an eavesdropper."

According to a report by the Wall Street Journal, it has been estimated that 20,000 websites could become blocked as a consequence.

'Storm in a teacup'

Mozilla - which is responsible for the Firefox browser - said its new software should be released in the "next few days".

Image copyright Getty Images
Image caption The NSA is thought to be capable of breaking 1024-bit encryption

"Most of the coordination in this case was done thanks to the researchers who found the bug. They provided valuable measurement data to the various browser vendors, which allowed us all to calibrate our response," said Richard Barnes, the organisation's cryptographic engineering manager.

Another security expert said that internet users should not be worried about being unprotected in the meantime.

"The fact that LogJam can only be exploited when hackers and targets are on the same network, as well as patches being imminent, means that hype around it is likely to be a bit of a storm in a teacup," said Ross Brewer, from security research company LogRhythm.

"Organisations should, however, use flaws like this as an excuse to give themselves a security health check.

"With flaws like LogJam being identified with increasing frequency, the only real way to know you're safe is to know you can stop an attack in its tracks as soon as it gets going."

More on this story

Related Internet links

The BBC is not responsible for the content of external Internet sites