Article : NSA can break trillions of encrypted VPN connections
Guus Sliepen
guus at tinc-vpn.org
Mon Oct 19 12:12:51 CEST 2015
On Mon, Oct 19, 2015 at 11:28:04AM +0200, Florent B wrote:

> Have you read this article from Ars Technica?
>
> http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/

Yes.

> What I understand is that 1024-bit Diffie-Hellman keys are broken by the NSA.

More precisely, they can spend a lot of effort to break Diffie-Hellman
for a small number of primes. Unfortunately, most implementations only
use a small set of commonly used primes.

> Tinc 1.1 seems to use smallest DH keys. Is it a security problem?

Tinc 1.1 uses elliptic curve Diffie-Hellman (ECDH). This, as far as I
know, has not been broken by the NSA. Tinc 1.0 doesn't use
Diffie-Hellman at all.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>