Security researchers have found several weaknesses in the deployment of the Diffie-Hellman key exchange which is used in many protocols like HTTPS, SSH, IPsec, SMTPS and TLS.
These weaknesses have some implications for VPN users. The following information is a summary of what you should be aware of to keep your computer and connections as secure as possible.
OpenVPN: OpenVPN connections with Perfect Privacy are not vulnerable to the Logjam attack as we use 4096-bit encryption keys which are still assumed non-breakable.
IPsec: According to the report, IPsec connections are vulnerable if the IKEv1 protocol is being used. This may be the case if you are using mobile devices running iOS or Android. The Perfect Privacy VPN Manager for Windows uses IKEv2 and should not be vulnerable. This issue cannot be fixed from our side as it depends on the IPsec implementation of the underlying operating system. We recommend using OpenVPN instead, where strong encryption keys are enforced.
SSH: Current SSH clients like Putty or ssh for linux use ECDHE (Elliptic-Curve Diffie-Hellman) for key exchange, which is not vulnerable to the attack. However, if you have imported public ssh keys with older ssh clients, the connection may still be using Diffie-Hellman. If in doubt you can remove you accepted host keys and import them again with an updated ssh client.
Web server: We have updated our web servers so they all use 2048-bit keys. You can verify this on the server test site at weakdh.org. Please note that checkip.perfect-privacy.com is not yet updated, this will happen in the near future.
Browser: Current browsers may still be vulnerable to the Logjam Attack when using ssl connections, you can check this on https://weakdh.org/. However, all major browsers will provide updates for this issue soon and they should be applied automatically once available.
Kind regards,
Your Perfect Privacy Team