Guus Sliepen
2015-Oct-19 10:12 UTC
Article : NSA can break trillions of encrypted VPN connections
On Mon, Oct 19, 2015 at 11:28:04AM +0200, Florent B wrote:

> Have you read this article from Ars Technica?
>
> http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/

Yes.

> What I understand is that 1024-bit Diffie-Hellman keys are broken by NSA.

More precisely, they can spend a lot of effort to break Diffie-Hellman for a small number of primes. Unfortunately, most implementations only use a small set of commonly used primes.

> Tinc 1.1 seems to use smallest DH keys. Is it a security problem?

Tinc 1.1 uses elliptic curve Diffie-Hellman (ECDH). This, as far as I know, has not been broken by the NSA. Tinc 1.0 doesn't use Diffie-Hellman at all.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>