How the NSA broke trillions of encrypted connections

As technology has become more interconnected as we have advanced over the years security has become a major issue and many people have pushed companies and developers into ensuring and using encryption and other techniques to guarantee people’s data is safe and secure and only accessible by the people that own it. Diffie-Hellman Key Exchange is a method of generating a shared private key with which two computers can use to secure a previous insecure channel. The Diffie-Hellman Key Exchange method is used by many different protocols to encrypt the traffic like VPN, SSH, HTTPS. To break a key for something like this, which is normally 1024 bits, it can take up to a year and cost millions of dollars, the NSA doesn’t have the money or time to continually crack these keys instead they have just enough time to crack only two. The flaw in the Diffie-Hellman encryption that the NSA discovered that there are two commonly used primes that are used to calculate the 1024-bit key. NSA cracked one key and was able to decrypt two thirds of VPN connections and a quarter of all SSH server globally. The other key they generate allowed them the eavesdrop on about 18% of the top million HTTPS websites. The attack is effective only on IPsec and a fair amount of SSH but not all, PGP and iMessage are immune to this attack. There is also other information backing up this theory of the NSA cracking the two keys, in the files that Edward Snowden leaked there was claims that showed the agency being able to monitor encrypted VPN connections. The research team that discovered this recommend that websites move to 2048-bit Diffie-Hellman keys, but 3072-bit would be needed to be really impervious to this attack and SSH users upgrade to the latest OpenSSH which uses Elliptic-Curve Diffie-Hellman Key Exchange.


By Peter Carenzo