(no subject)
Oct. 15th, 2015 11:25 am
Fuck.
Short version: cracking D-H key exchange ("most internet encryption") by brute force when every site uses a different 1024-bit key is unfeasibly hard. But if people are using the SAME 1024-bit key, instead of needing to crack 2^1024 (a number 309 digits long) keys, you just need to crack that one. And that only costs a few hundred million dollars, a year of time, and the knowledge of which 1024-bit key to crack. Guess what most common TLS and SSH implementations do? They use a specific key across all installations, which can be pulled out of the installer.
So it's believed that the NSA have cracked the specific keys used by lots of common software, which lets them read the encrypted traffic sent to and from those programs.
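An added example, not part of the original post: a defender-side audit that groups hosts by the Diffie-Hellman prime they offer (the shared "key" above) and flags primes that are both short and reused, since those are the ones where a single cracking effort covers many installations. The hostnames, sample moduli, 2048-bit threshold and risk labels are assumptions made for illustration, and how the primes are collected from each host is out of scope.

```python
import hashlib
from collections import defaultdict

MIN_BITS = 2048  # assumed policy threshold; the post only says 1024 bits is within reach


def constructed_modulus(bits, tag):
    """Constructed sample value with the right bit length (not a real prime)."""
    return (1 << (bits - 1)) | tag


# Constructed inventory: (host, DH modulus p). Hostnames are made up.
SHIPPED_1024 = constructed_modulus(1024, 0xA1)  # stands in for a prime baked into an installer
OBSERVED = [
    ("web1.example", SHIPPED_1024),
    ("web2.example", SHIPPED_1024),
    ("mail.example", SHIPPED_1024),
    ("vpn.example", constructed_modulus(1024, 0xB2)),
    ("git.example", constructed_modulus(2048, 0xC3)),
]


def audit_dh_groups(observed, min_bits=MIN_BITS):
    """Group hosts by DH modulus and flag moduli that are short and/or shared."""
    hosts_by_p = defaultdict(list)
    for host, p in observed:
        hosts_by_p[p].append(host)

    report = []
    for p, hosts in hosts_by_p.items():
        short = p.bit_length() < min_bits
        shared = len(hosts) > 1
        if short and shared:
            risk = "high"    # one cracking effort covers every host listed
        elif short:
            risk = "medium"  # weak, but the effort only pays off against one host
        elif shared:
            risk = "low"     # reused, but large
        else:
            risk = "ok"
        raw = p.to_bytes((p.bit_length() + 7) // 8, "big")
        report.append({"fingerprint": hashlib.sha256(raw).hexdigest()[:16],
                       "bits": p.bit_length(), "hosts": sorted(hosts), "risk": risk})
    order = {"high": 0, "medium": 1, "low": 2, "ok": 3}
    return sorted(report, key=lambda r: (order[r["risk"]], r["fingerprint"]))


if __name__ == "__main__":
    for row in audit_dh_groups(OBSERVED):
        print(row["risk"], row["bits"], row["fingerprint"], ", ".join(row["hosts"]))
```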