knoth

Different primes used in DH key exchange

Hi,

 

I would like to know how AirVPN is defending against this kind of attack (from https://weakdh.org/):

 

Threats from state-level adversaries. Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections.

We carried out this computation against the most common 512-bit prime used for TLS and demonstrate that the Logjam attack can be used to downgrade connections to 80% of TLS servers supporting DHE_EXPORT. We further estimate that an academic team can break a 768-bit prime and that a nation-state can break a 1024-bit prime. Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break.

 

Technical paper here: https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf

 

Do AirVPN's website and VPN servers use the same prime (or a small subset of primes) for every key exchange?

 

Thank you

 

knoth

 

 


I believe AirVPN use 4096-bit and unique primes on each server.

 

Yes, the OP would know this if he/she bothered to search the forum for a minute.



A 4096-bit key length is advertised all over this site, and it's not the answer to my question.

My question is about the frequency of reuse and how many primes are used for key exchange.

The use of a 4096-bit prime is obviously implicit, since it provides more cryptographic strength than 1024 or 2048 bits.

However, this strength can be jeopardized by the use of the same prime number (or a small subset) for every connection, even if the key (not the prime) is changed every 60 seconds.

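The two-stage structure described in the weakdh.org quote in the first post (an expensive step that depends only on the prime, after which each individual exchange falls quickly) and the point made in the reply above (rekeying every 60 seconds does not help if the prime stays the same) can be seen in working code. The following is an added toy illustration, not AirVPN's code and not the weakdh authors' code: baby-step/giant-step stands in for the number field sieve as the group-dependent precomputation, the primes are 36-bit safe primes constructed on the spot so it runs in seconds, and all names (`DhGroup`, `GroupPrecomputation`, `eavesdrop`, `simulate`) and seeds are assumptions made here.

```python
"""Why reusing one Diffie-Hellman prime matters (added toy illustration, not
AirVPN's or weakdh's code).  Baby-step/giant-step stands in for the number field
sieve: like the sieve, its expensive step (the baby-step table) depends only on
(p, g) and is then reused against every exchange made in that group.  Primes are
toy-sized (36 bits, constructed below) so this runs in seconds."""
import random
from math import isqrt

# Deterministic Miller-Rabin: these bases suffice for n < 3.3e24.
_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_prime(n):
    if n < 2:
        return False
    for b in _MR_BASES:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

def find_safe_prime(start):
    """Smallest safe prime p = 2q + 1 >= start with q prime (deterministic search)."""
    q = start // 2 | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

class DhGroup:
    """Public parameters: safe prime p, subgroup order q, generator g of order q."""

    def __init__(self, p):
        assert is_prime(p) and is_prime((p - 1) // 2), "expected a safe prime"
        self.p, self.q = p, (p - 1) // 2
        self.g = 4  # 2^2 is a quadratic residue, hence of order exactly q

    def keypair(self, rng):
        x = rng.randrange(1, self.q)  # fresh exponent per exchange (a rekey)
        return x, pow(self.g, x, self.p)

class GroupPrecomputation:
    """The costly per-prime step: ~sqrt(q) multiplications build a baby-step
    table for (p, g).  Paid once; never redone while that p stays in use."""

    def __init__(self, group):
        self.group = group
        self.m = isqrt(group.q) + 1
        self.table, cur = {}, 1
        for j in range(self.m):
            self.table[cur] = j  # g^j -> j
            cur = cur * group.g % group.p
        self.giant = pow(group.g, -self.m, group.p)  # g^(-m): one giant step
        self.cost = self.m

    def dlog(self, h):
        """Per-connection step: x with g^x = h (mod p) in ~sqrt(q) work, or None."""
        gamma = h % self.group.p
        for i in range(self.m + 1):
            j = self.table.get(gamma)
            if j is not None:
                return (i * self.m + j) % self.group.q
            gamma = gamma * self.giant % self.group.p
        return None

def eavesdrop(pre, A, B):
    """Passive attacker: from public values A = g^a and B = g^b derive g^(ab)."""
    a = pre.dlog(A)
    return None if a is None else pow(B, a, pre.group.p)

def simulate(group, pre, n, seed):
    """n exchanges with fresh exponents each; True where the reused table broke one."""
    rng = random.Random(seed)
    broken = []
    for _ in range(n):
        a, A = group.keypair(rng)
        b, B = group.keypair(rng)
        broken.append(eavesdrop(pre, A, B) == pow(B, a, group.p))
    return broken

if __name__ == "__main__":
    shared = DhGroup(find_safe_prime(1 << 36))   # one prime everyone uses
    pre = GroupPrecomputation(shared)            # paid once for that prime
    print("precomputation:", pre.cost, "mults; 10 rekeyed exchanges broken:",
          simulate(shared, pre, 10, seed=1))
    own = DhGroup(find_safe_prime(shared.p + 2))  # a server with its own prime
    print("same table vs. a different prime:", simulate(own, pre, 10, seed=1))
```

Running it shows every rekeyed exchange in the shared group falling to the one table, while the same table is useless against a server that generated its own prime and the attacker has to pay the precomputation again for that group. At real sizes the per-prime step is the sieve's months of computation and the per-connection step is minutes, which is exactly why the question of how many distinct primes are in use matters more than the bit length alone.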
