Valerian 20 Posted ... Article from BoingBoing: 'For instance, the Snowden documents show that NSA’s VPN decryption infrastructure involves intercepting encrypted connections and passing certain data to supercomputers, which return the key. The design of the system goes to great lengths to collect particular data that would be necessary for an attack on Diffie-Hellman but not for alternative explanations, like a break in AES or other symmetric crypto. 'While the documents make it clear that NSA uses other attack techniques, like software and hardware “implants,” to break crypto on specific targets, these don’t explain the ability to passively eavesdrop on VPN traffic at a large scale.' http://boingboing.net/2015/10/15/the-nsa-sure-breaks-a-lot-of.html Quote Share this post Link to post
LBDude 3 Posted ... Nissemus, Thanks for posting this. I just signed on with the intention of posting the same information from today's "Guardian": http://www.theguardian.com/technology/2015/oct/15/nsa-crack-encryption-software-reusing-passwords I assume that if this is hitting the mainstream press, then a lot of tech savvy people here have known about it for a while and can probably offer their insights. I hope this topic stimulates more comments/discussion. I, for one, would like to know how this relates to the encryption used by AirVPN. Quote Share this post Link to post
snipe 0 Posted ... And this published today on arstechnica - http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/ Quote Share this post Link to post
Staff 10017 Posted ... Hello! We remind you that we use 4096 bit keys for DH and unique primes on each VPN server. Kind regards 7 Valerian, Keksjdjdke, eyes878 and 4 others reacted to this Quote Share this post Link to post
eyes878 43 Posted ... Hello! We remind you that we use 4096 bit keys for DH and unique primes on each VPN server. Kind regardsI love how AirVPN has every potential issue solved before it's even a problem. 2 Kepler_452b and Just a Fred reacted to this Quote Share this post Link to post
snipe 0 Posted ... I figured when I posted the link to the arstechnica article that we would hear from the AirVPN guys that they already had it covered, lol. Quote Share this post Link to post
iwih2gk 94 Posted ... Hello! We remind you that we use 4096 bit keys for DH and unique primes on each VPN server. Kind regards Just curious as to HOW you generate "unique primes" and how often if at all they are rotated? 2 rickjames and OmniNegro reacted to this Quote Share this post Link to post
rickjames 106 Posted ... Hello! We remind you that we use 4096 bit keys for DH and unique primes on each VPN server. Kind regards Just curious as to HOW you generate "unique primes" and how often if at all they are rotated?This ^ I would also give anything for key regeneration/cycle every X weeks or something 1 OmniNegro reacted to this Quote Share this post Link to post
Valerian 20 Posted ... For the truly cautious, here's an EFF article on protecting yourself from NSA attacks on 1024-bit Diffie-Hellman.https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH Quote Share this post Link to post