How is NSA breaking so much crypto? - TechAmok
[security] 09:02 AM EDT - Oct,18 2015
There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a 'computing breakthrough' that gave them 'the ability to crack current public encryption.' The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand. However, the documents do not explain how these breakthroughs work.
The key is, somewhat ironically, Diffie-Hellman key exchange, an algorithm that we and many others have advocated as a defense against mass surveillance. Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Our paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.
For the nerds in the audience, here's what's wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn't just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.
How enormous a computation, you ask? Possibly a technical feat on a scale (relative to the state of computing at the time) not seen since the Enigma cryptanalysis during World War II. Even estimating the difficulty is tricky, due to the complexity of the algorithm involved, but our paper gives some conservative estimates. For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.
Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.
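The "crack the prime once, then break each connection cheaply" point above can be seen at toy scale in the following added example, which is not code from the paper or the original post. It substitutes baby-step/giant-step for the number field sieve the paper analyses, and the 20-bit prime, base, table size and exponents are constructed assumptions.

```python
# Added illustration; toy sizes. Baby-step/giant-step stands in for the
# number field sieve, whose expensive stages likewise depend only on the prime.
P = 1000003        # constructed 20-bit prime; real groups use 1024+ bits
G = 2              # assumed base for this toy group
M = 50000          # table size: the one-time, per-prime cost


def precompute(p, g, m):
    """One-time work for a group (p, g): map g^j mod p -> j for j < m."""
    table, x = {}, 1
    for j in range(m):
        table.setdefault(x, j)
        x = x * g % p
    return table


def dlog(p, g, m, table, y):
    """Per-connection work: find x with g^x = y (mod p) using the table.

    Returns (x, giant_steps); needs at most (p - 1) // m + 1 steps.
    """
    step = pow(g, -m, p)          # g^(-m) mod p (Python 3.8+)
    gamma = y % p
    for i in range((p - 1) // m + 1):
        if gamma in table:
            return i * m + table[gamma], i + 1
        gamma = gamma * step % p
    raise ValueError("y is not a power of g modulo p")


def passive_recovery(table, pub_a, pub_b):
    """Derive a session's shared secret from the two public values only."""
    x, steps = dlog(P, G, M, table, pub_a)
    return pow(pub_b, x, P), steps


if __name__ == "__main__":
    table = precompute(P, G, M)               # paid once per prime
    for a, b in [(123456, 654321), (42, 777777), (999, 31337)]:  # constructed
        A, B = pow(G, a, P), pow(G, b, P)     # values visible on the wire
        secret, steps = passive_recovery(table, A, B)
        print(secret == pow(B, a, P), "giant steps:", steps)
    # A session on a different prime gets nothing from this table, which is
    # why unique or larger (2048-bit+) groups remove the amortized payoff.
```

The table costs 50,000 multiplications once, while each session afterwards needs at most 21 lookups; that asymmetry is what makes a widely shared prime such a valuable target.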