According to an award-winning paper presented at a security conference earlier this week by a group of prominent cryptographers, the NSA has likely used its access to vast computing power as well as weaknesses in the commonly used TLS security protocol in order to spy on encrypted communications, including VPNs, HTTPS and SSH. As two of the researchers, Alex Halderman and Nadia Heninger explained, it was previously known that the NSA had reached a “breakthrough” allowing these capabilities. The paper represents a major contribution to public understanding by drawing a link between the NSA’s computing resources and previously known cryptographic weaknesses. For readers interested in more detail, EFF published a two-part explainer when the paper was first published in May: Part I and Part II. As we said then, the vulnerabilities described in the paper demonstrate an example of why it is a terrible idea to intentionally weaken cryptography. In this case,…
↧