J.R.McHale

**Academic Paper:** “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice” ([pdf](https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf); 13 pages), published earlier this year, but presented at a recent conference

**General Explanation** (by two of the fourteen co-authors of the academic paper): [How is NSA Breaking So Much Crypto?](https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/) – Freedom to Tinker

**EFF’s Two Part Explainer:** [Logjam, Part 1:](https://www.eff.org/deeplinks/2015/05/logjam-internet-breaks-again) “Why the Internet is Broken Again” and [Logjam, Part 2:](https://www.eff.org/deeplinks/2015/05/logjam-part-2-did-nsa-know-years-internet-was-broken) “Did the NSA Know the Internet Was Broken”

**EFF’s Practical Advice:** [How to Protect Yourself from NSA Attacks on 1024-bit DH](https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH)

**Bruce Schneier:** [Breaking Diffie-Hellman with Massive Precomputation (Again)](https://www.schneier.com/blog/archives/2015/10/breaking_diffie.html) and his previous post [The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange](https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html)