Slashdot Mirror


Fewer IPsec Connections At Risk From Weak Diffie-Hellman (threatpost.com)

msm1267 writes: A challenge has been made against one of the conclusions in an academic paper on cryptographic weaknesses that may be the open door through which intelligence agencies are breaking encrypted connections. The paper, 'Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,' claims that a massively resourced agency such as the NSA could build enough custom hardware that would crack the prime number used to derive an encryption key. Once enough information is known about the prime, breaking Diffie-Hellman connections that use that same prime is relatively trivial. In the paper, the team of 14 cryptographers and academics who wrote it claim that upwards of 66 percent of IPsec VPN connections can be passively decrypted in this manner. Paul Wouters, a founding member and core developer of the Libreswan Project, as well as a Red Hat associate, said that researchers are jumping to a conclusion because of the way they scanned and tested VPN servers, and that the number is likely too high.

7 of 28 comments

  1. Key Exchange by sexconker · Score: 2, Interesting

    All key exchange algorithms are vulnerable.
    You can't negotiate a key without secrecy in the first place. Certs don't cover that because the CA model is inherently broken.

    1. Re:Key Exchange by houstonbofh · Score: 2

      It doesn't need to be secure forever. Because in 2 hours I will be using a new key. The constant update of keys is one of the nicer features of IPsec.

    2. Re: Key Exchange by Anonymous Coward · Score: 5, Insightful

      The NSA will just store your 2 hours of traffic and decrypt it later.

    3. Re:Key Exchange by unrtst · Score: 3, Insightful

      All key exchange algorithms are vulnerable.

      And all absolutes are false.

    4. Re: Key Exchange by jabuzz · Score: 3, Informative

      That won't work unless the NSA/GCHQ get lucky. The premise of the original article was that a relatively small number of primes are precomputed at huge expense and the results stored in a relatively small database (a few GB in size). If you are changing that prime every two hours to one that the NSA have not precomputed, then they are going to be unable to keep pace with the required precomputation to continue decrypting your communication.

      As long as it takes the NSA longer to precompute the prime you are using than you are using the prime for, you are good to go.

      Now of course if I were the NSA I would be designing custom hardware to do the precompute, and would expect it to be way way faster than the original analysis suggested. It's like the difference between doing bitcoin mining on a CPU compared to custom silicon.
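The summary's claim (one expensive precomputation per prime, then every connection that reuses that prime falls cheaply) and jabuzz's rule of thumb (a prime is only safe if it is retired before the precomputation against it can finish) are both a matter of counting how many handshakes share a modulus. The following is an added example, not code from the thread, the paper or the Libreswan project; the handshake sample is constructed, the group labels merely stand in for the actual moduli a scanner would record, and the 2048-bit audit threshold is an assumption of the example.

```python
"""Toy model of how Diffie-Hellman precomputation amortizes over a shared prime.

Added example: not code from the Slashdot thread, the 'Imperfect Forward
Secrecy' paper or Libreswan. Sample data below is constructed.
"""
from collections import Counter
from typing import Iterable, List, Sequence, Set, Tuple

Handshake = Tuple[str, int]  # (label standing in for the DH modulus, size in bits)

# Constructed sample of observed IKE handshakes. A real dataset would key on
# the modulus value itself; a label per modulus is enough to show the counting.
SAMPLE_HANDSHAKES: Sequence[Handshake] = [
    ("modp-1024-group2", 1024),
    ("modp-1024-group2", 1024),
    ("modp-1024-group2", 1024),
    ("modp-1024-group2", 1024),
    ("modp-1024-group2", 1024),
    ("modp-1024-group2", 1024),
    ("modp-1536-group5", 1536),
    ("modp-1536-group5", 1536),
    ("modp-2048-group14", 2048),
    ("custom-1024", 1024),       # a server using its own, non-standard 1024-bit prime
]


def prime_frequency(handshakes: Iterable[Handshake]) -> Counter:
    """How many handshakes use each modulus; the attacker's target list."""
    return Counter(label for label, _ in handshakes)


def fraction_readable(handshakes: Sequence[Handshake], precomputed: Set[str]) -> float:
    """Fraction of handshakes whose modulus the attacker has already precomputed.

    Once the precomputation for one prime is done, each individual exchange
    over that prime is cheap to break, so every connection on it counts as lost.
    """
    if not handshakes:
        return 0.0
    hits = sum(1 for label, _ in handshakes if label in precomputed)
    return hits / len(handshakes)


def fraction_readable_with_top_k(handshakes: Sequence[Handshake], k: int) -> float:
    """Coverage an attacker gets by precomputing only the k most common primes.

    This is the amortization the summary describes: a few shared primes
    account for a large share of connections.
    """
    top = {label for label, _ in prime_frequency(handshakes).most_common(k)}
    return fraction_readable(handshakes, top)


def weak_groups(handshakes: Iterable[Handshake], min_bits: int = 2048) -> List[str]:
    """Defender-side audit: moduli smaller than min_bits.

    2048 bits as the threshold is an assumption of this example, not a figure
    from the thread.
    """
    return sorted({label for label, bits in handshakes if bits < min_bits})


def rotation_outpaces_precompute(precompute_hours: float, use_hours: float) -> bool:
    """jabuzz's rule of thumb: the prime must be retired before the
    precomputation against it could finish. Rekeying with a fresh exponent
    over the same prime does not count; only a fresh prime resets the clock."""
    return use_hours < precompute_hours


if __name__ == "__main__":
    freq = prime_frequency(SAMPLE_HANDSHAKES)
    print("most common moduli:", freq.most_common(3))
    for k in (1, 2):
        print(f"precompute top {k}: {fraction_readable_with_top_k(SAMPLE_HANDSHAKES, k):.0%} readable")
    print("moduli below 2048 bits:", weak_groups(SAMPLE_HANDSHAKES))
    print("2h rotation vs 1 week precompute:", rotation_outpaces_precompute(24 * 7, 2))
```

With the constructed sample, precomputing the single most common prime already covers 60% of handshakes and the top two cover 80%, which is the shape of the argument in the paper regardless of whether the real-world figure is 66% or, as Wouters argues, lower. The audit function is the part a defender would actually run against a scan of their own gateways.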

  2. Well, sounds like he's right by mveloso · Score: 2

    While their vulnerability numbers are probably off by a magnitude or two, that doesn't negate the idea behind the paper - just the importance.

  3. Re:Elliptic Curve by Anonymous Coward · Score: 2, Informative

    We have Diffie-Hellman (DH), Ephemeral Diffie-Hellman (DHE), Elliptic Curve Diffie-Hellman (ECDH), and Elliptic Curve Ephemeral Diffie-Hellman (ECDHE).