[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-talk] How the NSA breaks Diffie-Hellmann


the paper "How is NSA breaking so much crypto?" got the Best Paper Award
at ACM CCS im Oct. 2015.


Diffie-Hellman is a cornerstone of modern cryptography used for VPNs,
HTTPS websites, email, and many other protocols. The paper shows that many
real-world users of Diffie-Hellman are likely vulnerable to state-level

A state-level attacker like NSA can pre-compute the most common used 1024
bit DH parameter sets which are recommend in RFC 2409. If pre-computation
was done for the two most common used DH parameter sets the NSA can braek
2/3 of VPN connections, 1/4 of SSH connections and 1/5 of SSL/TLS
connections on-the-fly.

EFF.org recommends to disable DHE cipher in Firefox and Chrome: 
"How to Protect Yourself from NSA Attacks on 1024-bit DH"

An other more advanced solution for TorBrowser would be possible. You can
increase the min. length for DH parameter to 2048 bit in NSS lib. Min.
length for DH parameter was set to 1024 in NSS 3.19.1 to avoid Logjam
attack. May be, it is time to increase it to 20148 bit?

Karsten N.
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to