Article : NSA can break trillions of encrypted VPN connections

Guus Sliepen guus at tinc-vpn.org
Mon Oct 19 12:12:51 CEST 2015


On Mon, Oct 19, 2015 at 11:28:04AM +0200, Florent B wrote:

> Have you read this article from Ars Technica?
> 
> http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/

Yes.

> What I understand is that 1024-bit Diffie-Hellman keys are broken by the NSA.

More precisely, they can spend a lot of effort to break Diffie-Hellman
for a small number of primes. Unfortunately, most implementations only
use a small set of commonly used primes.

> Tinc 1.1 seems to use the smallest DH keys. Is it a security problem?

Tinc 1.1 uses elliptic curve Diffie-Hellman (ECDH). This, as far as I
know, has not been broken by the NSA. Tinc 1.0 doesn't use
Diffie-Hellman at all.

-- 
Met vriendelijke groet / with kind regards,
     Guus Sliepen <guus at tinc-vpn.org>
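
An added illustration, not part of the original message and not tinc code, of why a shared prime matters: the expensive work is done once per group and then reused against every key exchange in that group. It assumes a toy 31-bit prime (`P`, `G` are constructed values) and uses baby-step giant-step as a stand-in for the number field sieve precomputation the article describes.

```python
import math
import secrets

# Constructed toy parameters (assumption): real groups are 1024 bits or more.
P = 2147483647  # the prime 2^31 - 1
G = 7           # a primitive root modulo P


def precompute(p, g):
    """One-time, per-group work: baby-step table and giant-step factor."""
    m = math.isqrt(p - 1) + 1
    table = {}
    val = 1
    for j in range(m):
        table.setdefault(val, j)  # maps g^j -> j
        val = val * g % p
    factor = pow(g, -m, p)        # g^(-m) mod p, needs Python 3.8+
    return m, table, factor


def solve(public, p, pre):
    """Cheap per-exchange work: recover x from g^x using the shared table."""
    m, table, factor = pre
    gamma = public
    for i in range(m):
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * factor % p
    return None


def demo(sessions=5):
    """Run several independent exchanges against one precomputation."""
    pre = precompute(P, G)  # paid once for the whole group
    results = []
    for _ in range(sessions):
        secret = secrets.randbelow(P - 3) + 1  # fresh private exponent
        public = pow(G, secret, P)             # value sent on the wire
        results.append((secret, solve(public, P, pre)))
    return results


if __name__ == "__main__":
    for secret, recovered in demo():
        print(secret, recovered, secret == recovered)
```

Every session uses a fresh secret, yet none of them requires the table to be rebuilt; only a change of prime would.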