Logjam
What is Logjam?
Logjam: A 2015 TLS attack that downgrades Diffie-Hellman key exchange to weak 512-bit export-grade primes and uses precomputation to break them.
Logjam was disclosed in May 2015 by Adrian, Bhargavan, Durumeric, Heninger and others. A man-in-the-middle modifies the TLS handshake so the server selects DHE_EXPORT, forcing a 512-bit Diffie-Hellman group derived from a small set of well-known primes. Because attackers can precompute the discrete-log database for those primes, individual sessions are then broken in real time and the master secret is recovered. Logjam also showed that nation-state adversaries could plausibly precompute common 1024-bit groups. Mitigations include disabling export ciphersuites, using DH groups of at least 2048 bits with named groups or ECDHE, and prioritising TLS 1.3, which removes static export and weak DH support entirely.
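The group-size mitigation above can be enforced on the receiving side by parsing the server's Diffie-Hellman parameters and refusing small primes. The following is an added example, not part of the original entry: it reads the `ServerDHParams` structure (`dh_p`, `dh_g`, `dh_Ys`, each a 2-byte length followed by data) from a TLS 1.2 ServerKeyExchange body and classifies the group. The function names are hypothetical and the sample parameters are constructed values, not real primes.

```python
import struct

EXPORT_DH_BITS = 512   # export-grade size Logjam downgrades to
MIN_DH_BITS = 2048     # minimum group size recommended above

def _read_vec(buf, off):
    """Read one TLS opaque<1..2^16-1>: 2-byte big-endian length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from("!H", buf, off)
    if n == 0 or off + 2 + n > len(buf):
        raise ValueError("vector length out of bounds")
    return int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n

def classify_dh_params(body):
    """Parse ServerDHParams (dh_p, dh_g, dh_Ys) from the start of a TLS 1.2
    ServerKeyExchange body; the signature that follows is ignored."""
    p, off = _read_vec(body, 0)
    g, off = _read_vec(body, off)
    ys, off = _read_vec(body, off)
    bits = p.bit_length()          # counts real bits, not zero padding
    if bits <= EXPORT_DH_BITS:
        return bits, "reject: export-grade group"
    if bits < MIN_DH_BITS:
        return bits, "reject: group below 2048 bits"
    if not 1 < ys < p - 1:
        return bits, "reject: degenerate public value"
    return bits, "ok"

def _vec(value, size):
    # Helper for building constructed test input only.
    return struct.pack("!H", size) + value.to_bytes(size, "big")

def sample_params(bits, pad=0):
    """Constructed input: p is an odd number of the given size, NOT a real
    prime; only the length handling is being exercised."""
    p = (1 << (bits - 1)) | 1
    return _vec(p, bits // 8 + pad) + _vec(2, 1) + _vec(4, bits // 8)

if __name__ == "__main__":
    for bits in (512, 1024, 2048):
        print(bits, classify_dh_params(sample_params(bits)))
```

Measuring the integer's bit length rather than the byte length of `dh_p` keeps a zero-padded 512-bit prime from passing as a larger group.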
● Examples
- 01 MITM forcing a webserver to negotiate DHE_EXPORT 512-bit DH and decrypting the session.
- 02 Mass surveillance feasibility argument based on precomputed 1024-bit Oakley primes.
● Frequently asked questions
What is Logjam?
A 2015 TLS attack that downgrades Diffie-Hellman key exchange to weak 512-bit export-grade primes and uses precomputation to break them. It belongs to the Attacks & Threats category of cybersecurity.
How does Logjam work?
Logjam was disclosed in May 2015 by Adrian, Bhargavan, Durumeric, Heninger and others. A man-in-the-middle modifies the TLS handshake so the server selects DHE_EXPORT, forcing a 512-bit Diffie-Hellman group derived from a small set of well-known primes. Because attackers can precompute the discrete-log database for those primes, individual sessions are then broken in real time and the master secret is recovered. Logjam also showed that nation-state adversaries could plausibly precompute common 1024-bit groups. Mitigations include disabling export ciphersuites, using DH groups of at least 2048 bits with named groups or ECDHE, and prioritising TLS 1.3, which removes static export and weak DH support entirely.
How do you defend against Logjam?
Defences for Logjam typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for Logjam?
Common alternative names include: Logjam Attack, DHE_EXPORT downgrade.
● Related terms
- FREAK Attack (attacks, № 434): A 2015 TLS attack (CVE-2015-0204) that downgrades RSA key exchange to 512-bit export-grade keys and factors them to decrypt sessions.
- SSL/TLS Downgrade Attack (attacks, № 1093): An active man-in-the-middle attack that forces a client and server to negotiate a weaker protocol version, cipher, or key size to enable further compromise.
- TLS (Transport Layer Security) (network-security, № 1159): The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- ROBOT Attack (attacks, № 941): A 2017 resurrection of Bleichenbacher's 1998 RSA PKCS#1 v1.5 padding oracle on TLS servers, enabling session decryption or impersonation.