‹ Back
Deploy360 22 October 2015

Diffie-Hellman Key Exchange Problems & Recommendations for Stronger Encryption

Kevin Meynell
By Kevin MeynellSenior Manager, Technical and Operational Engagement

TLS badgeA paper recently published at the 22nd ACM Conference on Computer and Communications Security in Denver, USA raises concerns about how Diffie-Hellman key exchange is implemented in many protocols including HTTPS, SSH, IPsec, SMTPS and other protocols relying on TLS. Diffie-Hellman is an asymmetric cryptographic algorithm that is commonly used to exchange session keys when establishing a secure Internet connection, but the research discovered that many server implementations are either using obsolete 512-bit so-called ‘export grade’ cryptography or are utilising a fixed or limited range of prime numbers that effectively allows 768-bit and potentially 1024-bit grade encryption to be routinely cracked using pre-computation techniques.

Tests revealed that up to 15% of servers could potentially be affected using the Logjam attack technique that forces export grade parameters (a historical legacy) for Diffie-Hellman. Whereas if 1024-bit grade encryption is broken, this could potentially compromise up to 25% of HTTPS and SSH servers and 66% of IPSec VPN connections.

The authors point out that the cracking of 1024-bit grade encryption still requires substantive amounts of computing resources that are likely only available at a nation state level, but that moving to stronger key exchange methods should be a priority for the Internet community. They make the following three recommendations:

  1. Turn off legacy export cipher suites which in any case are no longer supported by most modern browsers;
  2. Deploy Elliptic-Curve Diffie-Hellman (ECDHE) which avoids all known feasible cryptanalytic attacks;
  3. Generate 2048-bit or stronger Diffie-Hellman groups with “safe” primes.

There’s a useful page of resources to be found at which includes a Guide to Deploying Diffie-Hellman for TLS, along with a tool for testing servers.

More information on configuring web browsers and operating systems can be found in this EFF article, whilst the authors of the paper discuss the implications of their findings in this blog post.

You can also visit our TLS for Applications page to learn more about security protocols.


‹ Back

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Encryption is key for a trusted Internet
Encryption is key for a trusted Internet
Building Trust30 March 2017

Encryption is key for a trusted Internet

One of the few regrets of Vint Cerf, who is often referred to as the 'father of the Internet', is...

Encryption and Law Enforcement Can Work Together
Encryption and Law Enforcement Can Work Together
Encryption26 October 2017

Encryption and Law Enforcement Can Work Together

The Internet Society and Chatham House will be hosting a roundtable of experts to deconstruct the debate on encryption and...

Encryption Isn't Perfect, That's Why Choices Are Important
Encryption Isn't Perfect, That's Why Choices Are Important
Encryption15 May 2018

Encryption Isn’t Perfect, That’s Why Choices Are Important

Encryption is a critical building block for online trust, but it's never perfect. Any encryption you use is the product...

Join the conversation with Internet Society members around the world