[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] How the NSA breaks Diffie-Hellmann

To: tor-talk <tor-talk@xxxxxxxxxxxxxxxxxxxx>
Subject: [tor-talk] How the NSA breaks Diffie-Hellmann
From: karsten.n@xxxxxxxxxxx
Date: Tue, 20 Oct 2015 09:51:59 +0200 (CEST)
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 20 Oct 2015 03:58:21 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mailbox.org; h= x-mailer:content-transfer-encoding:content-type:content-type :mime-version:subject:subject:message-id:reply-to:from:from:date :date:received; s=mail20150812; t=1445327519; bh=29ZuhlCosoJoIu3 CMxZBhFfsxU6cqtG8W4XRNdGfXCw=; b=p2gDzmREl/Jo5hlqrHy/ki2RPjbGLw2 YzdpJKhSSqpTsPFUmJnCFwns1XEss425bGM+MgOP4w0F9uWx2VRCAhgr+qElTFO8 s+cLE6jpk/F8geCZ9SFX4A0uJcmKKPQhe3PZRGjnn3ce42XfFhcJ+jp4c7XV/g29 hSlxlTbSdgOIahM6xkzxGsKOpEie3cVnYMAeb2GCrYTROSIoZvpzxxD7GIC1vHsP l/6Xj1zxEbkhch+6QoLll/dEmMQv/d4UzvNY5QriLB4x3Jc3x24GMcukSlGL8oLZ Y+KBfzd9Oh5tmRohzkVFK7eV2JV4iSEkb9+eytClKMvWIBtyv+AqJ/w==
Importance: Medium
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Hello,

the paper "How is NSA breaking so much crypto?" got the Best Paper Award
at ACM CCS im Oct. 2015.

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

Diffie-Hellman is a cornerstone of modern cryptography used for VPNs,
HTTPS websites, email, and many other protocols. The paper shows that many
real-world users of Diffie-Hellman are likely vulnerable to state-level
attackers.

A state-level attacker like NSA can pre-compute the most common used 1024
bit DH parameter sets which are recommend in RFC 2409. If pre-computation
was done for the two most common used DH parameter sets the NSA can braek
2/3 of VPN connections, 1/4 of SSH connections and 1/5 of SSL/TLS
connections on-the-fly.

EFF.org recommends to disable DHE cipher in Firefox and Chrome: 
"How to Protect Yourself from NSA Attacks on 1024-bit DH"
https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH

An other more advanced solution for TorBrowser would be possible. You can
increase the min. length for DH parameter to 2048 bit in NSS lib. Min.
length for DH parameter was set to 1024 in NSS 3.19.1 to avoid Logjam
attack. May be, it is time to increase it to 20148 bit?
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

Karsten N.
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How the NSA breaks Diffie-Hellmann
  - From: Lluís
- Re: [tor-talk] How the NSA breaks Diffie-Hellmann
  - From: Georg Koppen

Prev by Author: [tor-talk] Tor in the command line Linux
Next by Author: Re: [tor-talk] How the NSA breaks Diffie-Hellmann
Previous by thread: Re: [tor-talk] Tor Browser: playing videosHi
Next by thread: Re: [tor-talk] How the NSA breaks Diffie-Hellmann
Index(es):
- Author
- Thread