[Cryptography] Fwd: freedom-to-tinker.com: How is NSA breaking so much crypto?
Paul Wouters
paul at cypherpunks.ca
Sat Oct 17 01:08:00 EDT 2015
On Sat, 17 Oct 2015, Peter Gutmann wrote:
> 3. Speculation about the NSA breaking 1024-bit DH to get into VPNs, mostly
> ignoring [0] the fact that almost any other (very effective) attack doesn't
> require any of this effort, and that all the mentions of specific
> successful attacks (rather than generalisations about techniques used) in
> the Snowden docs mention stealing keys, backdooring hardware, etc.
Their measurement of 66% of VPNs are using weak DH is also based on a
wrong assumption of NO_PROPOSAL_CHOSEN. I did a write up on that:
https://nohats.ca/wordpress/blog/2015/10/17/66-of-vpns-are-not-in-fact-broken/
> Finally, given that "several years ago" most SSL/TLS implementations (which
> carries a lot more interesting traffic than IPsec does) were still using RSA
> for key exchange and not DH (it's a relatively recent move to deprecate RSA
> keyex and move to DH), telling your boss that you needed $x00,000,000 for a
> DH-breaking supercomputer wouldn't have got you very far.
Ah while the IPsec traffic was far less then TLS, it was actually far
more interesting. So I don't really agree with you here. Of course, now
everyone is using IKE/IPsec to watch netflix, which must piss of the NSA
more than it pisses of the Content Industry :)
Paul
ps. this is probably the nicest thing Peter has ever said about IKE/IPsec :)
More information about the cryptography
mailing list