How 'Logjam' attack affects openID since it uses Diffie-Hellman key exchange method?

Question

According to the Diffie-Hellman key exchange get affected by logjam, and openID uses this to establish an association. So how this going to affect OpenID?

I would checkout this question/answer for details on Logjam – RoraΖ May 21 '15 at 13:00 — RoraΖ, May 21 '15 at 13:00

score 2 · Accepted Answer · answered May 21 '15 at 10:17

2

logjam is not (even remotely) a break of the Diffie-Hellman key exchange method. It is a weakness of the TLS protocol. It affects only sessions, not credentials. It will soon be fixed. I estimate zero impact on OpenID. The "bad guys" cannot do MITM, only governments and ISPs could (in principle) do MITM.

answered May 21 '15 at 10:17

Atsby

1,148
8
6

1

No longer "in principle". -> Wiki: Quantum Insert – StackzOfZtuff May 21 '15 at 10:19
@StackzOfZtuff Damn, man. – Atsby May 21 '15 at 10:26
There are plenty of opportunities for even run of the mill bad guys to MITM... Running rogue hotspots in hotels/airports/etc... makes it very easy to achieve... – Bruno Rohée Oct 16 '15 at 17:31

How 'Logjam' attack affects openID since it uses Diffie-Hellman key exchange method?

1 Answers1