NSA’s codebreaking

One of the great mysteries surrounding NSA’s codebreaking capabilities may have been solved, now that a number of security people have finally come up with a plausible theory that can explain them:

For the nerds in the audience, here’s what’s wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.

How enormous a computation, you ask? Possibly a technical feat on a scale (relative to the state of computing at the time) not seen since the Enigma cryptanalysis during World War II. Even estimating the difficulty is tricky, due to the complexity of the algorithm involved, but our paper gives some conservative estimates. For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.

Would this be worth it for an intelligence agency? Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.
— Alex Halderman & Nadia Heninger, “How is NSA breaking so much crypto?”

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
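
The cost asymmetry described in the quote, as an added example that is not from the paper or the original post: the expensive step depends only on the prime, and each connection is cheap afterwards. Baby-step giant-step on a constructed 31-bit toy prime stands in here for the number field sieve precomputation the paper analyses; `P`, `G` and the sample exponents are constructed values.

```python
import math

# Constructed toy group: a 31-bit prime, far too small for real use.
P, G = 2147483647, 7

def precompute(p, g, order):
    """One-time work that depends only on the group (p, g), not on any session."""
    m = math.isqrt(order) + 1
    table, x = {}, 1
    for j in range(m):              # baby steps: g^j mod p for j < m
        table.setdefault(x, j)
        x = x * g % p
    return m, table, pow(g, -m, p)  # last item is g^(-m) mod p

def recover_exponent(p, public, pre):
    """Per-connection work: at most m multiplications and dictionary lookups."""
    m, table, giant = pre
    y = public
    for i in range(m):              # giant steps: public * g^(-i*m)
        if y in table:
            return i * m + table[y]
        y = y * giant % p
    return None

def demo():
    pre = precompute(P, G, P - 1)   # paid once for this prime
    outcomes = []
    # Three independent key exchanges that all reuse the same prime.
    for a, b in [(123456789, 987654321), (55555, 1999999999), (31337, 424242)]:
        A, B = pow(G, a, P), pow(G, b, P)   # public values on the wire
        x = recover_exponent(P, A, pre)     # reuses the same table every time
        # The recovered exponent yields the same shared secret as the real one.
        outcomes.append(pow(B, x, P) == pow(B, a, P))
    return outcomes

if __name__ == "__main__":
    print(demo())
```

A table built for one prime is useless for any other, which is why the hard-coded primes the quote mentions concentrate the risk and why the cost has to be paid again for every distinct group.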

The Electronic Frontier Foundation has written a guide on how to disable the affected encryption algorithms in some applications, e.g. web browsers. It is also a good idea to visit “How’s My SSL?”* once in a while to check whether your browser is sufficiently up to date.


(*) Yes, it ought to be called “How’s My TLS?” and they know that. But most people still call it SSL…
