NSA can Break Trillions of Encrypted Web and VPN Connections

Disturbing news. Most security experts have known this for some time but Alex Halderman and Nadia Heninger have now described the NASA’s ability to spy on citizens. They wrote, “There have been rumors for years that the NSA can decrypt a significant fraction of encrypted Internet traffic. In 2012, James Bamford published an article quoting anonymous former NSA officials stating that the agency had achieved a “computing breakthrough” that gave them “the ability to crack current public encryption.” The Snowden documents also hint at some extraordinary capabilities: they show that NSA has built extensive infrastructure to intercept and decrypt VPN traffic and suggest that the agency can decrypt at least some HTTPS and SSH connections on demand.”

The Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. The Halderman and Heninger paper shows that, through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers. However, the good news is that the Diffie-Hellman method can provide very good security if implemented properly. According to Halderman and Heninger, the present-day weakness is caused by poor implementation of the Diffie-Hellman key exchange. That can be fixed.

If implemented properly, Halderman and Heninger state: “For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.”

The full article by Alex Halderman and Nadia Heninger may be found at https://goo.gl/bJqFWl.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s