• Log In
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • HomePage
  • About
  • Structure
  • Schedule
    • First Half of the Semester
      • Week 1: Overview of Course
      • Week 2: TCP/IP and Network Architecture
      • Week 3: Reconnaissance
      • Week 4: Vulnerability scanning
      • Week 5: System and User enumeration
      • Week 6: Sniffers
      • Week 7: NetCat, Hellcat
    • Second Half of the Semester
      • Week 8: Social Engineering, Encoding, and Encryption
      • Week 9: Malware
      • Week 10: Web application hacking, Intercepting Proxies, and URL Editing
      • Week 11: SQL injection
      • Week 12: Web Services
      • Week 13: Evasion Techniques
      • Week 14: Review of all topics and wrap up discussion
  • Assignments
    • Analysis Reports
    • Quizzes & Tests
  • Webex
  • Harvard Coursepack
  • Gradebook

ITACS 5211: Introduction to Ethical Hacking

Wade Mackay

Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections

October 12, 2016 by Scott Radaszkiewicz 3 Comments

Article Link: Click Here

This article explains how researchers from the University of Pennsylvania, INRIA, CNRS and Universite de Lorraine have proven how the NSA broke the Diffie-Hellman key exchange algorithm.

The algorithm uses keys generated with large prime numbers, that is theorized that it would take hundreds or thousands of years to decrypt with today’s technology.    According this article states that it took the researchers only two months, and 3,000 CPU’s to break a 1,024-bit key.

This was accomplished by “backdooring” the prime numbers used to compute the algorithm by randomly selecting very large primes from a pre-defined set which made it 10,000 times easier to solve the problem.

This article is very interesting.  Most encryption is based on algorithms.  While many are deemed to be secure, there are hundreds, or thousands, if not millions of people out there looking for ways to break the code.   New discoveries are being made in mathematics that could possibly render some algorithms useless.   the encryption is man made, and whatever can be engineered by man, can one day be un-engineered.

 

Filed Under: Uncategorized Tagged With:

Reader Interactions

Comments

  1. Vaibhav Shukla says

    October 12, 2016 at 1:50 pm

    Its a great article which even now strengthens the point that why RSA and Diffie-Hellman cryptography method may soon see the slowdown in their usage across industries .Its security relies on the fact that factoring is slow and multiplication is fast.Specialized algorithms like the Quadratic Sieve have been created to tackle the problem of prime factorization and have been moderately successful. These algorithms are faster in finding out prime no
    These factoring algorithms get more efficient as the size of the numbers being factored get larger. The gap between the difficulty of factoring large numbers and multiplying large numbers is shrinking now.So RSA is not the ideal system for the future of cryptography.

    Log in to Reply
  2. Jason A Lindsley says

    October 12, 2016 at 3:03 pm

    Nice article Scott. 22% of the top 140,000 sites use 1024-bit keys despite the fact that NIST has been recommending 2048-bit keys since 2010. That’s quite astonishing!

    The SSL pulse survey referenced in this article appears to aggregate the information and does not provide specific sites that are weak. I think the vulnerable sites will be published. Also, our browsers should alert us when we are using sites that have 1024-bit keys for SSL encryption.

    Log in to Reply
    • Noah J Berson says

      October 12, 2016 at 5:26 pm

      What I find interesting is that by doubling the bits its actually 16 million times harder to decrypt. I think the slow switch has to due with understanding the raw computer power required to take down a 1024 bit key. 3,000 cpus like an i5 would cost about 600,000 dollars, not factoring in the facility, staff, and power costs to run them for 2 months. If someone wanted to break into your stuff and they had that much cash, they could probably bribe their way into your organization.

      Log in to Reply

Leave a Reply Cancel reply

You must be logged in to post a comment.

Primary Sidebar

Weekly Discussions

  • Uncategorized (133)
  • Week 01: Overview (1)
  • Week 02: TCP/IP and Network Architecture (8)
  • Week 03: Reconnaisance (25)
  • Week 04: Vulnerability Scanning (19)
  • Week 05: System and User Enumeration (15)
  • Week 06: Sniffers (9)
  • Week 07: NetCat and HellCat (11)
  • Week 08: Social Engineering, Encoding and Encryption (12)
  • Week 09: Malware (14)
  • Week 10: Web Application Hacking (12)
  • Week 11: SQL Injection (11)
  • Week 12: Web Services (10)
  • Week 13: Evasion Techniques (7)
  • Week 14: Review of all topics (5)

Copyright © 2025 · Magazine Pro Theme on Genesis Framework · WordPress · Log in