Today's terrifying Web security vulnerability, courtesy of the 1990s crypto wars

The Logjam bug allows attackers to break secure connections by tricking the browser and server to communicate using weak crypto — but why do browsers and servers support weak crypto in the first place?

The answer is in the Bill Clinton-era export restrictions on strong crypto. During the first crypto wars, the Clinton administration forced tech companies to export pre-broken crypto to nations to which the US was hostile. This created the possibility that Web servers would find themselves communicating with browsers that only supported weak crypto, and that Web browsers might connect to servers that were incapable of the normal strong crypto that we rely upon to protect our sensitive information from eavesdroppers.

As a result, browsers and servers distributed in the USA and other western states have routinely shipped with a mode in which they appear to be communicating securely, but are actually using a weak, easy-to-break cryptographic protocol.

In other words, they have back doors. And attackers have figured out how to waltz through those back doors.

This is especially significant because western governments are demanding a fresh round of back doors in broader classes of devices that are even more tightly connected to our daily lives. UK Prime Minister David Cameron made it an election promise, and the FBI has demanded that Congress give them the power to force tech companies to build in back doors.

But it's not the 1990s anymore. Crypto doesn't just protect the Web — it secures your car's wireless interface to keep attackers out of your brakes and steering; it secures your pacemaker against wireless attacks that can kill you where you stand; it secures your phone against having the camera and mic remotely operated by "sextortionist" voyeurs who blackmail their victims into performing live sex acts on camera with the threat of disclosure of nude photos covertly snapped by their compromised networked cameras.

Once these vulnerabilites are inserted, they ripple out into devices that are placed in the field and never updated, whose owners and users have no way to know that they were broken by design. There is only one way to attain cybersecurity, and that's by making the Internet and the devices we connect to it as secure as possible.

The weakness is the result of export restrictions the US government mandated in the 1990s on US developers who wanted their software to be used abroad. The regime was established by the Clinton administration so the FBI and other agencies could break the encryption used by foreign entities. Attackers with the ability to monitor the connection between an end user and a Diffie-Hellman-enabled server that supports the export cipher can inject a special payload into the traffic that downgrades encrypted connections to use extremely weak 512-bit key material. Using precomputed data prepared ahead of time, the attackers can then deduce the encryption key negotiated between the two parties.

"Logjam shows us once again why it's a terrible idea to deliberately weaken cryptography, as the FBI and some in law enforcement are now calling for," J. Alex Halderman, one of the scientists behind the research, wrote in an e-mail to Ars. "That's exactly what the US did in the 1990s with crypto export restrictions, and today that backdoor is wide open, threatening the security of a large part of the Web."

HTTPS-crippling attack threatens tens of thousands of Web and mail servers [Dan Goodin/Ars Technica]