hereforawhile@lemmy.mlM to Secure Coms@lemmy.ml · 25 days agoHow the NSA can break trillions of encrypted Web and VPN connectionsarstechnica.comexternal-linkmessage-square4fedilinkarrow-up113arrow-down12
arrow-up111arrow-down1external-linkHow the NSA can break trillions of encrypted Web and VPN connectionsarstechnica.comhereforawhile@lemmy.mlM to Secure Coms@lemmy.ml · 25 days agomessage-square4fedilink
minus-squareslazer2au@lemmy.worldlinkfedilinkEnglisharrow-up7·25 days agoTl;dr It is likely 512 and 1024 bit diffie Hellman primes are within the NSA budget to predict. Move to at least 2048. Or better yet move to an elliptic curve
minus-squarehereforawhile@lemmy.mlOPMlinkfedilinkarrow-up3·25 days agoThis was written 10 years ago though for context. It’s anyone’s guess what can be done with today’s computers.
minus-squareCypher@lemmy.worldlinkfedilinkarrow-up4·25 days agoThe NSA paid RSA, to ‘backdoor’ the Dual Elliptic Curve Deterministic Random Bit Generator which was pushed as an industry standard for years. I don’t see why they wouldn’t have done the same with more recent algorithms.
minus-squareslazer2au@lemmy.worldlinkfedilinkEnglisharrow-up1·25 days agoThat was P256 Dual_EC_DRBG. x25519 has been the defacto replacement since 2015ish
Tl;dr
It is likely 512 and 1024 bit diffie Hellman primes are within the NSA budget to predict. Move to at least 2048.
Or better yet move to an elliptic curve
This was written 10 years ago though for context.
It’s anyone’s guess what can be done with today’s computers.
The NSA paid RSA, to ‘backdoor’ the Dual Elliptic Curve Deterministic Random Bit Generator which was pushed as an industry standard for years.
I don’t see why they wouldn’t have done the same with more recent algorithms.
That was P256 Dual_EC_DRBG. x25519 has been the defacto replacement since 2015ish