[tor-talk] How the NSA breaks Diffie-Hellmann

Lluís 2015.msl at gmail.com
Tue Oct 20 08:52:24 UTC 2015


I understand, from a post to this list, than tor is switching from RSA
to elliptic curve key generation.

What would we expect from that update ?

Thanks for everyone's effort

Lluís

karsten.n at mailbox.org:
> Hello,
> 
> the paper "How is NSA breaking so much crypto?" got the Best Paper Award
> at ACM CCS im Oct. 2015.
> 
> https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/
> 
> Diffie-Hellman is a cornerstone of modern cryptography used for VPNs,
> HTTPS websites, email, and many other protocols. The paper shows that many
> real-world users of Diffie-Hellman are likely vulnerable to state-level
> attackers.
> 
> A state-level attacker like NSA can pre-compute the most common used 1024
> bit DH parameter sets which are recommend in RFC 2409. If pre-computation
> was done for the two most common used DH parameter sets the NSA can braek
> 2/3 of VPN connections, 1/4 of SSH connections and 1/5 of SSL/TLS
> connections on-the-fly.
> 
> EFF.org recommends to disable DHE cipher in Firefox and Chrome: 
> "How to Protect Yourself from NSA Attacks on 1024-bit DH"
> https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
> 
> An other more advanced solution for TorBrowser would be possible. You can
> increase the min. length for DH parameter to 2048 bit in NSS lib. Min.
> length for DH parameter was set to 1024 in NSS 3.19.1 to avoid Logjam
> attack. May be, it is time to increase it to 20148 bit?
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
> 
> Karsten N.
> 


More information about the tor-talk mailing list