How the NSA can break trillions of encrypted Web and VPN connections | Ars Technica
Researchers show how mass decryption is well within the NSA’s $11 billion budget.
There's a reason the NSA isn't pushing to backdoor encryption: they don't need them. "All your base are belong to us."
How come? Most implementations use standardized or hard-coded primes in a Diffie-Hellman key exchange, the SAME primes. So once the NSA cracks a majority of widely used primes they get snoop anything that uses that type of implementation… obviously this is well within its reach.
"Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous," researchers Alex Halderman and Nadia Heninger wrote in a blog post published Wednesday. "Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."
Sir Lucifer says
nothing worse then a false sense of security for some and others, well get all the good ideas
Steve Vance says
They can spy on all the weird sites and porn sites that I visit on the daily all they want. All it's going to get them is an erection.