|
|
How is NSA breaking so much crypto? - TechAmok
How is NSA breaking so much crypto? - [security]
09:02 AM EDT - Oct,18 2015 - post a comment There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a 'computing breakthrough' that gave them 'the ability to crack current public encryption.' The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand. However, the documents do not explain how these breakthroughs work.
The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.
For the nerds in the audience, here's what's wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn't just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to crack a particular prime, then easily break any individual connection that uses that prime.
How enormous a computation, you ask? Possibly a technical feat on a scale (relative to the state of computing at the time) not seen since the Enigma cryptanalysis during World War II. Even estimating the difficulty is tricky, due to the complexity of the algorithm involved, but our paper gives some conservative estimates. For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.
Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.
|
|
Add your comment (free registrationrequired)
Short overview of recent news articles |
|
Apr,24 2024 President Biden signs TikTok bill into law Apr,24 2024 The Humble PC Apr,24 2024 Researchers have unlocked the 'Holy Grail' of memory technology Apr,24 2024 The Best Gaming GPU Ever Released, Nvidia GeForce GTX 1080 Ti, 2024 Apr,24 2024 Your Own Private Network Attached Storage Solution by UGREEN Apr,23 2024 ATLAS | Official Trailer | Netflix Apr,22 2024 The World's Fastest CPU (Technically...) - Intel i9-14900KS Apr,22 2024 We can do THIS now! - Lumafield CT Scanner Apr,21 2024 Huawei Pura 70 Ultra - Apple Should be WORRIED Apr,21 2024 Sony 2024 TV Lineup Revealed Apr,20 2024 ICE - A Thousand Suns / Episode 1 Apr,20 2024 Minisforum V3 AMD Tablet Review Apr,20 2024 AMD & Intel SLASH CPU Prices! Apr,20 2024 EK is Imploding: Not Paying Employees, Partners, & Suppliers Apr,20 2024 Backing Up My NAS To My... Parents' House? Apr,20 2024 NEW Ryzen APU BEATS RTX 40 GPUs! Apr,20 2024 (Live) Black Tape Project - All New Raw and Uncut - LA Fashion Week Apr,19 2024 NVIDIA Geforce 552.22 WHQL Driver Apr,19 2024 You Deserve this much OLED - AORUS CO49DQ Apr,19 2024 Unreal Engine 5.4 looks ULTRA PHOTOREALISTIC Apr,18 2024 Radeon RX 5700 XT vs. 7700 XT, 2024 Revisit Apr,18 2024 I Will Build You a PC Right Now! Apr,17 2024 These games carry REAL security risks! BEWARE! Apr,17 2024 Visible First to Offer Annual Payment Plan, with Discount up to 26% Apr,17 2024 Is Coding Still Worth Learning in 2024? Apr,17 2024 All New Atlas - Boston Dynamics Apr,16 2024 The NEW Chip Inside Your Phone! (NPUs) Apr,16 2024 XPS 14 vs 14" MacBook Pro - Apple just KILLED Intel! Apr,15 2024 The Most 2024 Laptop - Razer Blade 14 Review Apr,15 2024 NEVER install these programs on your PC... EVER!!! Apr,14 2024 Use Live Translate on Galaxy S24 series to translate a call's Apr,14 2024 I Tried a Non-Invasive Blood Sugar Watch. Miracle or Scam? Apr,13 2024 Samsung Galaxy Ring - This Just Got Interesting Apr,13 2024 Piracy Is Over Party - WAN Show April 12, 2024 Apr,13 2024 Conan O'Brien Needs a Doctor While Eating Spicy Wings Apr,13 2024 Beatbox Jcob recreats every sound Apr,13 2024 Intel is Gunning for NVIDIA Apr,13 2024 Building a Budget DIY Home Surveillance System Apr,12 2024 Lenovo Yoga Buyers Guide - What's the Best Thin and Light Laptop Apr,11 2024 DARK MATTER Trailer (2024) New Sci-Fi Movies 4K
>> News Archive <<
| |
|
