[Cryptography] Fwd: freedom-to-tinker.com: How is NSA breaking so much crypto?

Ray Dillinger bear at sonic.net
Fri Oct 16 16:39:27 EDT 2015



On 10/15/2015 12:03 PM, Dan McDonald wrote:
> On Thu, Oct 15, 2015 at 02:28:38PM -0400, Arnold Reinhold wrote:
>>
>> This article suggests that the widespread use of a common prime modulus in
>> Diffie-Hellman may be the weakness NSA is exploiting to break much Internet
>> traffic.
> 
> I also wonder how long it'll be until it works with 1536-bit moduli or
> larger.  Also, about 6 years ago, there was an RFC for DH groups with larger
> generators.  We got those, AND ECC, into Solaris/OpenSolaris well before
> Oracle hit the fan.  I suspect that also will help.
> 

Instead of wondering how long it'll be until it works with *longer*
re-used primes, why aren't you asking why primes are getting reused??

Isn't the central weakness here the propensity of server
implementations to continue using the same prime factor for their
whole uptimes - or, indeed, for the whole of *every* uptime?

Isn't the appropriate fix making sure that different numbers get used
each time DH is performed?  And won't that be the appropriate thing to
do regardless of the key length being used?

I mean, yes, I'm all for moving to longer keys given that these
exhaustion attacks are possible in the first place.  But shouldn't
we first be fixing the dead-wrong implementation that makes the
brute-force attacks feasible?

					Bear
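The two ideas in the message above, generating a fresh group rather than reusing one long-lived prime, and auditing which moduli deployed servers actually present, as a Python example added here by the editor (it is not code from the thread or from any of the projects mentioned). Every function name is the editor's own; the safe-prime generator is run at 64 bits so the example finishes quickly, and the audit sample uses constructed stand-in integers of the right bit lengths rather than real server moduli.

```python
import secrets

# Small primes for trial division before the Miller-Rabin rounds.
SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47,
                53, 59, 61, 67, 71, 73, 79, 83, 89, 97]


def is_probable_prime(n, rounds=40):
    """Miller-Rabin primality test; `rounds` random witnesses."""
    if n < 2:
        return False
    if n in (2, 3):
        return True
    if n % 2 == 0:
        return False
    for sp in SMALL_PRIMES:
        if n == sp:
            return True
        if n % sp == 0:
            return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2        # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_safe_prime(bits):
    """Return a safe prime p = 2q + 1 with exactly `bits` bits (q prime)."""
    while True:
        # (bits-1)-bit odd candidate for q with its top bit forced on
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if not is_probable_prime(q):
            continue
        p = 2 * q + 1
        if is_probable_prime(p):
            return p


def fresh_dh_group(bits):
    """A brand-new (p, g, q) per call: g is a random quadratic residue mod p,
    so it generates the prime-order-q subgroup rather than the whole group."""
    p = generate_safe_prime(bits)
    q = (p - 1) // 2
    h = secrets.randbelow(p - 3) + 2           # h in [2, p-2], so h^2 != 0, 1
    return p, pow(h, 2, p), q


def valid_public_value(y, p, q):
    """Reject degenerate or out-of-subgroup peer values before using them."""
    return 1 < y < p - 1 and pow(y, q, p) == 1


def dh_exchange(p, g, q):
    """One DH run over the given group; returns (shared, agreed)."""
    a = secrets.randbelow(q - 2) + 2
    b = secrets.randbelow(q - 2) + 2
    A, B = pow(g, a, p), pow(g, b, p)
    if not (valid_public_value(A, p, q) and valid_public_value(B, p, q)):
        raise ValueError("peer value outside the prime-order subgroup")
    k_alice, k_bob = pow(B, a, p), pow(A, b, p)
    return k_alice, k_alice == k_bob


def audit_dh_observations(observations, min_bits=2048):
    """observations: list of (server, p). Flags moduli shared by more than
    one server and moduli shorter than `min_bits`."""
    by_modulus, short = {}, []
    for server, p in observations:
        by_modulus.setdefault(p, []).append(server)
        if p.bit_length() < min_bits:
            short.append(server)
    reused = {p: s for p, s in by_modulus.items() if len(s) > 1}
    return {"reused": reused, "short": short}


# Constructed sample (not real moduli, just integers of the stated sizes):
# two servers present the same 1024-bit value, one has its own 2048-bit one.
SAMPLE_OBSERVATIONS = [
    ("vpn.example.test", (1 << 1023) | 0x1234567),
    ("mail.example.test", (1 << 1023) | 0x1234567),
    ("www.example.test", (1 << 2047) | 0x7654321),
]

if __name__ == "__main__":
    p, g, q = fresh_dh_group(64)
    print("fresh group:", hex(p), "agreed:", dh_exchange(p, g, q)[1])
    print("audit:", audit_dh_observations(SAMPLE_OBSERVATIONS))
```

Generating a fresh 2048-bit safe prime this way takes far longer than a handshake, which is why deployments usually settle for a group that is unique to the server and at least 2048 bits rather than unique per connection; the audit function is the part a defender can run unchanged over captured handshake parameters.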

