Slashdot Mirror


Fewer IPsec Connections At Risk From Weak Diffie-Hellman (threatpost.com)

msm1267 writes: A challenge has been made against one of the conclusions in an academic paper on cryptographic weaknesses that may be the open door through which intelligence agencies are breaking encrypted connections. The paper, 'Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,' claims that a massively resourced agency such as the NSA could build enough custom hardware that would crack the prime number used to derive an encryption key. Once enough information is known about the prime, breaking Diffie-Hellman connections that use that same prime is relatively trivial. In the paper, the team of 14 cryptographers and academics who wrote it claim that upwards of 66 percent of IPsec VPN connections can be passively decrypted in this manner. Paul Wouters, a founding member and core developer of the Libreswan Project, as well as a Red Hat associate, said that researchers are jumping to a conclusion because of the way they scanned and tested VPN servers, and that the number is likely too high.

2 of 28 comments

  1. Re: Key Exchange by jabuzz · Score: 3, Informative

    That won't work unless the NSA/GCHQ get lucky. The premise of the original article was that a relatively small number of primes are precomputed at huge expense and the results stored in a relatively small database (a few GB in size). If you are changing that prime every two hours to one that the NSA have not precomputed then they are going to be unable to keep pace with the required precomputation to continue decrypting your communication.

    As long as it takes the NSA longer to precompute the prime you are using than you are using the prime for, you are good to go.

    Now of course if I were the NSA I would be designing custom hardware to do the precompute, and would expect it to be way way faster than the original analysis suggested. It's like the difference between doing bitcoin mining on a CPU compared to custom silicon.
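
The amortization argument in the comment above, as an added toy example (not from the thread or the paper): a table built once for a group answers every handshake on that group and none on a different prime. It swaps in baby-step giant-step on constructed toy primes as a stand-in for the far larger number field sieve precomputation; all names and values are assumptions.

```python
import math
import secrets

def precompute(p, g):
    """One-time work that depends only on the group, not on any connection."""
    m = math.isqrt(p - 1) + 1
    table, e = {}, 1
    for j in range(m):                 # baby steps: g^j -> j
        table.setdefault(e, j)
        e = e * g % p
    return {"p": p, "g": g, "m": m, "table": table, "giant": pow(g, -m, p)}

def dlog(pre, y):
    """Per-connection work: find x with g^x = y (mod p) using the stored table."""
    gamma = y % pre["p"]
    for i in range(pre["m"]):          # giant steps: y * g^(-i*m)
        j = pre["table"].get(gamma)
        if j is not None:
            return i * pre["m"] + j
        gamma = gamma * pre["giant"] % pre["p"]
    return None

def passive_recover(pre, p, g, A, B):
    """Observer sees only (p, g, A, B); returns the shared secret or None."""
    if (p, g) != (pre["p"], pre["g"]):
        return None                    # table was built for a different group
    x = dlog(pre, A)
    return None if x is None else pow(B, x, p)

def handshake(p, g):
    """Constructed sample exchange: returns public values and the true secret."""
    a, b = secrets.randbelow(p - 2) + 1, secrets.randbelow(p - 2) + 1
    A, B = pow(g, a, p), pow(g, b, p)
    return A, B, pow(A, b, p)

def demo():
    p, g = 1_000_000_007, 5            # toy stand-in for a widely shared group
    pre = precompute(p, g)             # paid once
    hits = 0
    for _ in range(20):                # 20 unrelated handshakes on the same prime
        A, B, secret = handshake(p, g)
        hits += passive_recover(pre, p, g, A, B) == secret
    q, h = 998_244_353, 3              # peers that use a different prime
    A, B, _ = handshake(q, h)
    return hits, passive_recover(pre, q, h, A, B)

if __name__ == "__main__":
    print(demo())
```

At real key sizes the gap between the one-time cost and the per-connection cost is what makes a prime shared by many servers the weak point, which is the case for auditing which group each VPN endpoint actually negotiates.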

  2. Re:Elliptic Curve by Anonymous Coward · Score: 2, Informative

    We have Diffie-Hellman (DH), Ephemeral Diffie-Hellman (DHE), Elliptic Curve Diffie–Hellman (ECDH), and Elliptic Curve Ephemeral Diffie-Hellman (ECDHE).