[Cryptography] Imperfect Forward Secrecy: How DH Fails in Practice
Henry Baker
hbaker1 at pipeline.com
Wed Dec 30 09:17:18 EST 2015
Alex Halderman & Nadia Heninger's talk at 32c3:
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
Slides:
https://weakdh.org/weakdh-ccs-slides.pdf
Paper:
https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf
Video of 60-minute talk:
http://cdn.media.ccc.de/congress/2015/h264-hd/32c3-7288-en-de-Logjam_Diffie-Hellman_discrete_logs_the_NSA_and_you_hd.mp4
On last slide:
1024-bit discrete log within range for governments.
Parameter reuse allows wide-scale passive decryption.
Mitigations:
* Move to elliptic curve cryptography
* If ECC isnt an option, use = 2048-bit primes.
* If 2048-bit primes arent an option, generate a fresh 1024-bit prime.
More information about the cryptography
mailing list