On Sat, Oct 17, 2015 at 11:57 AM, <[email protected]> wrote:
> According to
> https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/
>
> "Since a handful of primes are so widely reused, the payoff, in
> terms of connections they could decrypt, would be enormous. Breaking a single,
> common 1024-bit prime would allow NSA to passively decrypt connections to
> two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a
> second 1024-bit prime would allow passive eavesdropping on connections to
> nearly 20% of the top million HTTPS websites. In other words, a one-time
> investment in massive computation would make it possible to eavesdrop on
> trillions of encrypted connections."
>
> How is the prime set up for DH in
> OpenSSH and is that something a user can change?


Someone correct me if I'm wrong, but as far as I know the prime numbers
used in DH group exchange are not secret but must be known by everyone
(and a couple of other parameters are also public) for the key exchange to
be possible in the first place. What the NSA can do is perform a
"pre-calculation" over the possible key exchange results, and the
danger is that too small a DH group can be covered sufficiently by
them to be able to crack a DH exchange on the fly.

Hence the recommendation to increase the size of the group used.

-Kimmo
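
On the question of whether a user can change the primes: for group exchange, sshd picks its groups from a moduli file in the format described in moduli(5). The sketch below is an added example, not part of the original thread or of OpenSSH itself; it audits such a file by group size and filters out small groups. The 3071 threshold, the function names and the sample lines are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an OpenSSH moduli(5) file by DH group size.
# Fields per line: time type tests trials size generator modulus
# The size field is the bit length minus one (a 2048-bit prime is stored as 2047).

# Constructed sample input; the hex values are placeholders, not real primes.
sample_moduli() {
    cat <<'EOF'
# Time Type Tests Tries Size Generator Modulus
20150101000000 2 6 100 1023 2 C0FFEE01
20150101000001 2 6 100 2047 2 C0FFEE02
20150101000002 2 6 100 2047 5 C0FFEE03
20150101000003 2 6 100 3071 2 C0FFEE04
20150101000004 2 6 100 4095 5 C0FFEE05
EOF
}

# Print "size count" for every group size present in file $1.
moduli_histogram() {
    awk '!/^#/ && NF >= 7 { n[$5]++ } END { for (s in n) print s, n[s] }' "$1" |
        sort -n
}

# Count the groups in file $1 whose size field is below $2.
moduli_count_below() {
    awk -v min="$2" '!/^#/ && NF >= 7 && $5 + 0 < min + 0 { c++ }
                     END { print c + 0 }' "$1"
}

# Write file $1 to stdout, keeping comments and groups with size >= $2.
moduli_filter() {
    awk -v min="$2" '/^#/ || (NF >= 7 && $5 + 0 >= min + 0)' "$1"
}

# Demo on the constructed sample; point the functions at the real moduli
# file (commonly /etc/ssh/moduli) to audit a server.
tmp=$(mktemp)
sample_moduli > "$tmp"
moduli_histogram "$tmp"
echo "groups below 3071: $(moduli_count_below "$tmp" 3071)"
moduli_filter "$tmp" 3071
rm -f "$tmp"
```

Replacing the moduli file with the filtered output limits group exchange to the remaining groups. The fixed, non-negotiated groups are not in this file; they are selected through the KexAlgorithms option in sshd_config.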
