[Cryptography] Fwd: freedom-to-tinker.com: How is NSA breaking so much crypto?

Watson Ladd watsonbladd at gmail.com
Fri Oct 16 17:33:05 EDT 2015


On Fri, Oct 16, 2015 at 4:39 PM, Ray Dillinger <bear at sonic.net> wrote:
>
>
> On 10/15/2015 12:03 PM, Dan McDonald wrote:
>> On Thu, Oct 15, 2015 at 02:28:38PM -0400, Arnold Reinhold wrote:
>>>
>>> This article suggests that the widespread use of a common prime modulus in
>>> Diffie-Hellman may be the weakness NSA is exploiting to break much Internet
>>> traffic.
>>
>> I also wonder how long it'll be until it works with 1536-bit moduli or
>> larger.  Also, about 6 years ago, there was an RFC for DH groups with larger
>> generators.  We got those, AND ECC, into Solaris/OpenSolaris well before
>> Oracle hit the fan.  I suspect that also will help.
>>
>
> Instead of wondering how long it'll be until it works with *longer*
> re-used primes, why aren't you asking why primes are getting reused??
>
> Isn't the central weakness here the propensity of server
> implementations to continue using the same prime factor for their
> whole uptimes - or, indeed, for the whole of *every* uptime?
>
> Isn't the appropriate fix making sure that different numbers get used
> each time DH is performed?  And won't that be the appropriate thing to
> do regardless of the key length being used?
>
> I mean, yes, I'm all for moving to longer keys given that these
> exhaustion attacks are possible in the first place.  But shouldn't
> we first be fixing the dead-wrong implementation that makes the
> brute-force attacks feasible?

No.

The difference between "completely implausible calculation of size
2^120" and "somewhat plausible 2^80" matters far more than the slight
gains from being able to reuse work across targets. That's not always
true: brute force of symmetric keys does gain somewhat.

>
>                                         Bear



-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.