Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Encryption Security

Fewer IPsec Connections At Risk From Weak Diffie-Hellman ( 28

msm1267 writes: A challenge has been made against one of the conclusions in an academic paper on cryptographic weaknesses that may be the open door through which intelligence agencies are breaking encrypted connections. The paper, 'Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice,' claims that a massively resourced agency such as the NSA could build enough custom hardware that would crack the prime number used to derive an encryption key. Once enough information is known about the prime, breaking Diffie-Hellman connections that use that same prime is relatively trivial. In the paper, the team of 14 cryptographers and academics who wrote it claim that upwards of 66 percent of IPsec VPN connections can be passively decrypted in this manner. Paul Wouters, a founding member and core developer of the Libreswan Project, as well as a Red Hat associate, said that researchers are jumping to a conclusion because of the way they scanned and tested VPN servers, and that the number is likely too high.
This discussion has been archived. No new comments can be posted.

Fewer IPsec Connections At Risk From Weak Diffie-Hellman

Comments Filter:
  • Key Exchange (Score:3, Interesting)

    by sexconker ( 1179573 ) on Friday October 30, 2015 @12:38AM (#50830461)

    All key exchange algorithms are vulnerable.
    You can't negotiate a key without secrecy in the first place. Certs don't cover that because the CA model is inherently broken.

    • It doesn't need to be secure forever. Because in 2 hours I will be using a new key. The constant update of keys is one of the nicer features of IPsec.
      • Re: Key Exchange (Score:5, Insightful)

        by Anonymous Coward on Friday October 30, 2015 @01:22AM (#50830555)

        The NSA will just store your 2 hours of traffic and decrypt it later.

        • Re: Key Exchange (Score:4, Informative)

          by jabuzz ( 182671 ) on Friday October 30, 2015 @06:18AM (#50831107) Homepage

          That won't work.unless the NSA/GCHQ get lucky. The premise of the original article was that a relatively small number of primes are precomputed at huge expense and the results stored in a relatively small database (a few GB in size). If you are changing that prime every two hours to one that the NSA have not precomputed then they are going to be unable to keep pace with the required precompution to continue decrypting your communication.

          As long as it takes the NSA longer to precompute the prime you are using than you are using the prime for you are good to go.

          Now of course if I where the NSA I would be designing custom hardware to do the precompute, and would expect it to be way way faster than the original analysis suggested. It's like the difference between doing bitcoin mining on a CPU compared to custom silicon.

    • Re:Key Exchange (Score:4, Insightful)

      by unrtst ( 777550 ) on Friday October 30, 2015 @02:35AM (#50830691)

      All key exchange algorithms are vulnerable.

      And all absolutes are false.

    • by Lennie ( 16154 )

      I don't know why you'd say that applies to IPSEC VPNs:

      - Create your own CA.
      - generate the public/private key on each VPN device/machine
      - send the CSR (public key) to your own CA
      - then create certs for each CSR (a certificate is public key signed by CA)
      - put the CA cert on each VPN device/machine
      - put the certs on each VPN device/machine

      Where is the problem ?

  • by mveloso ( 325617 ) on Friday October 30, 2015 @01:00AM (#50830531)

    While their vulnerability numbers are probably off by a magnitude or two, that doesn't negate the idea behind the paper - just the importance.

  • I'm not afraid of hackers or the NSA or anything else. I'm afraid of Bruce Schneier. Rumor has it he even can intercept information flow between quantumly entangled particles. Until we deal with the real threat, all your data are belong to us.
  • I thought Diffie Hellman relied on elliptic curves rather than huge prime numbers. Please correct me if I'm wrong

A committee takes root and grows, it flowers, wilts and dies, scattering the seed from which other committees will bloom. -- Parkinson