NSA breaks 1024-bit encryption
According to a recent article by Alex Halderman and Nadia Heninger, what most people feared in the cryptography fields looks all too real, the NSA is in the crpyto-cracking business, and business is booming. It’s long been feared that the NSA began this venture in 2013 with the development of its mega-structure in Utah and the enormous “black budget” money that it receives.
“For the past decade, N.S.A. has led an aggressive, multi-pronged effort to break widely used Internet encryption technologies” (New York Times)
However, we now have proof that what we thought the NSA was doing is actually possible for them to accomplish now: cracking the Diffie-Hellman Key Exchange (1024 bit variant; not 512 bit DHKE or ECDHA). Considering that the enormous Bluffdale facility was built in 2013 and the research paper published Alex, Nadia and 12 others showing how the NSA accomplished this, estimates it takes about one year to break a prime number needed for network traffic decryption. This means that we could easily assume they have cracked at least 2 prime numbers and possibly a third. Eventually it can be assumed that nothing that we do online is private.
The NSA has taken a giant leap forward in cracking the prime numbers needed to decrypt most SSL and VPN network data. We also believe that the US Federal Government’s quest for the encryption skeleton key that opens all doors is going to severely weaken encryption for the entire communications thread. What does this means for you and I? They can now see everything that happens at nearly on demand speeds. We recommend certain steps everyone should take in wake of these revelations.
- Tor: If you’re looking for anonymity on the web, the dark web or deep web is the best place even with what the NSA has been able to do
- Open Source: Use open source technology which won’t have a backdoor placed in it by the company bought off by a government.
- Don’t Assume: Per the New York Times, VPN and SSL connections are now the primary target for decryption for state level government entities. Don’t assume what you are doing is EVER anonymous.
- Lobby your congressmen/women and senators to vote against funding for these projects and to vote against bills that are not in the public’s interest of privacy.
Other High Profile Encryption Breaches:
Experian (includes T-Mobile)
Tesla and Chrysler (unrelated to each other)
Apple App Store
U.S. Office of Personnel Management (OPM)
Kaspersky & FireEye (unrelated to each other)
Excellus Blue Cross Blue Shield
Ashley Madison (follow up)
Thanks for stopping by and reading our blog. We would appreciate if you could subscribe (assuming you like what you read; we think you will). This is meant to be informative and to provide value to anyone who reads this – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
Be sure to subscribe to this blog and to our Podcast.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.