Ran into Alex Halderman recently. He casually said "we found a weakness in Diffie-Hellman." My jaw dropped. GO READ. https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ …
-
-
Replying to @zeynep
Basically, with a one-time large investment a state (ahem) who knows this weakness can decrypt large chunk of global VPNs, SSH, HTTPS etc.
1 reply 14 retweets 3 likes -
Replying to @zeynep
Before you think, "oh, it's just the NSA then", as Alex and Nadia point out: "Vulnerability on this scale is indiscriminate."
1 reply 4 retweets 3 likes -
Replying to @zeynep
Not sure how to explain all this at tweet length but THIS IS THE BIGGEST REVELATION ON STATE SURVEILLANCE IN YEARS. https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/ …
2 replies 120 retweets 60 likes -
Replying to @zeynep
Crypto math isn't "this isn't breakable by computation" It's "this is VEEERY HARD quickly compute." Doesn't rule out (unknown) shortcuts.
1 reply 4 retweets 5 likes -
Replying to @zeynep
So basically a very widely used crypto math algorithm that everyone until recently said was the one to use has a .. shortcut to break it.
2 replies 7 retweets 3 likes -
Replying to @zeynep
Good news, I guess: investment required for exploit is huge, so can only be done by states. Bad news: the weakness breaks forward secrecy.
1 reply 6 retweets 3 likes -
Replying to @zeynep
Q here isn't merely should NSA use such weaknesses. It is:"should NSA fix these weaknesses instead of using them"? "Who else is using them?"
2 replies 4 retweets 3 likes -
Replying to @zeynep
What's good for the goose is good for the gander. If one state can break HTTPS/VPN/TLS/SSH, so can another. That's a key unaddressed issue.
2 replies 6 retweets 5 likes
(Mostly) non-technical blog post by @ncweaver on what newly discovered crypto weakness means (as far as we know):https://www.lawfareblog.com/nsa-and-weak-dh
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.