Berto Jongman: NSA Owns HTTPS & VPN

IO Impotency

berto smallEncryption Flaw Allows the NSA to Break HTTPS and VPN Traffic

A theory that fits all the other clues more than others

A group of 14 researchers have presented a paper at the 22nd ACM Conference on Computer and Communications Security (ACM CCS) in Denver on Wednesday, October 14, a paper on which they base a theory of how the NSA can break most of the Web’s HTTP and VPN traffic due to a flaw in the implementation of the Diffie-Hellman algorithm used to encrypt Web traffic.

The research paper is not new, being already released to the public back in May, when it caused a lot of ruckus in the infosec community, exposing the famous Logjam attack, one which could be used to compromise secure communications between a client and a server by downgrading the TLS connection to the vulnerable 512-bit, export-grade cryptography.

Now, along with the presentation which its authors gave to the ACM CCS audience, an explanatory article on one of Princeton University’s blogs also sheds some light on the theory its creators have around their research.

A design and implementation flaw puts all secure Web connections at risk

Read full article.