[Cryptography] Fwd: NYTimes.com: N.S.A. Foils Much Internet Encryption

james hughes hughejp at mac.com
Fri Sep 6 01:11:40 EDT 2013


The following is from a similar list in Europe. Think this echoes much on this list but has an interesting twist about PFS cipher suites.

Begin forwarded message:
> ________________________________________
> From: Paterson, Kenny [Kenny.Paterson at rhul.ac.uk]
> Sent: Friday, September 06, 2013 12:03 AM
> To: Christof Paar; ecrypt2-all at esat.kuleuven.be
> Subject: Re: NYTimes.com: N.S.A. Foils Much Internet Encryption
> 
> Christof,
> 
> Thanks for sharing this link.
> 
> What seems likely, reading between the lines of this article, is that
> NSA/GCHQ have access, by a variety of means, to RSA private keys for
> popular websites, enabling them to (at will) recover SSL/TLS session keys.
> This can be done offline for stored traffic or online as packets pass by
> on the network. I stress that the article does not say this directly.
> 
> One solution, preventing passive attacks, is for major browsers and
> websites to switch to using PFS ciphersuites (i.e. those based on
> ephemeral Diffie-Hellman key exchange). For statistics on current
> adoption of such ciphersuites, see:
> 
> http://news.netcraft.com/archives/2013/06/25/ssl-intercepted-today-decrypted-tomorrow.html
> 
> 
> Regards
> 
> Kenny
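
Added example, not part of the forwarded message or the linked Netcraft article: one way to audit a server's configured cipher-suite list for the distinction made above, separating suites that use ephemeral Diffie-Hellman from those where the session key is recoverable with the server's long-term private key. The function names and the sample list are constructed for illustration, and only the RSA, DH, ECDH, PSK, SRP, Kerberos and anonymous name families are recognised.

```python
# Classify TLS cipher suites by key exchange, from IANA or OpenSSL names.

# Ephemeral Diffie-Hellman: a fresh key pair per handshake, so a recorded
# session cannot be decrypted later with the server's long-term key.
EPHEMERAL = {"DHE", "ECDHE", "EDH"}
# Anonymous DH (OpenSSL naming): no server authentication at all.
ANON = {"ADH", "AECDH"}
# Other explicit OpenSSL prefixes; none of them is (EC)DHE.
OTHER = {"DH", "ECDH", "PSK", "SRP", "KRB5"}


def key_exchange(suite):
    """Return the key-exchange token for one suite name."""
    name = suite.strip().upper()
    if name.startswith("TLS_"):
        if "_WITH_" not in name:
            # TLS 1.3 names carry no key exchange; TLS 1.3 handshakes
            # with a certificate always use (EC)DHE.
            return "TLS1.3"
        kx = name[4:].split("_WITH_")[0]        # e.g. ECDHE_RSA, DH_ANON
        return "ANON" if "ANON" in kx else kx.split("_")[0]
    first = name.split("-")[0]                  # OpenSSL form
    if first in ANON:
        return "ANON"
    if first in EPHEMERAL or first in OTHER:
        return first
    # OpenSSL omits the prefix for RSA key transport (e.g. AES128-SHA).
    return "RSA"


def passes_pfs_policy(suite):
    """True for authenticated ephemeral key exchange only.

    Anonymous suites fail the policy because they are unauthenticated,
    even though their DH values may be ephemeral.
    """
    kx = key_exchange(suite)
    return kx == "TLS1.3" or kx in EPHEMERAL


def audit(suites):
    """Split a suite list into (passing, failing), preserving order."""
    passing = [s for s in suites if passes_pfs_policy(s)]
    failing = [s for s in suites if not passes_pfs_policy(s)]
    return passing, failing
```
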
