Sunday, 18 October 2015

EFF Advises Against Eavesdropping HTTPS And VPN By NSA

This week, researchers presented information showing that the NSA may be able to store some encrypted connections, such as HTTPS, SSH and VPN, eavesdrop. Users can, however, take steps to prevent this, according to the American civil rights movement EFF.

The problem is that is used when an encrypted connection for instituting an algorithm for exchanging the key. In many cases, used for this purpose is the Diffie-Hellman algorithm. It forms the basis for modern cryptography and is used for VPNs, HTTPS, email, and other protocols. Because of the way the algorithm is implemented users run the risk of being bugged by the secret services, researchers said Alex Halderman and Nadia Heninger.

The problem is that a client, for example, a browser, and a server which use Diffie-Hellman must first agree on a prime number with a certain shape. Many applications thereby appear to use standardized 'hardcoded' primes. A secret service that any one particular prime number is able to "crack", then can eavesdrop all connections that use this particular prime number. It is in this case 1024-bit prime numbers.


"Based on the evidence we have, we can not prove that the NSA does. Our proposed way to crack Diffie-Hellman is better suited to the technical details of the large-scale decryption capabilities of the NSA than any other explanation," said the researchers. The documents from whistleblower Edward Snowden that the NSA have an infrastructure to monitor VPN connections. The system is designed to collect specific data that is required specifically to attack Diffie-Hellman.

"As the use of Diffie-Hellman in this feeble way is widespread in both standards and implementations, it may take years before the problems are resolved," as the researchers warn. They argue that all major governments can carry out similar attacks, if they do not do that.

Internet users who want to protect themselves against a possible attack may take various measures. Diffie-Hellman can be in the browser are so turned off, so that with it the setting up of an encrypted connection no use is made. Users of VPN have set their software to Diffie-Hellman is used only with 2048-bit prime., As the EFF in this article explains

No comments:

Post a Comment