How to protect yourself from NSA attacks on 1024-bit DH
In a post on Wednesday, researchers Alex Halderman and Nadia Heninger presented compelling research suggesting that the NSA has developed the capability to decrypt a large number of HTTPS, SSH, and VPN connections using an attack on common implementations of the Diffie-Hellman key exchange algorithm with 1024-bit primes. Earlier in the year, they were part of a research group that published a study of the Logjam attack, which leveraged overlooked and outdated code to enforce “export-grade” (downgraded, 512-bit) parameters for Diffie-Hellman. By performing a cost analysis of the algorithm with stronger 1024-bit parameters and comparing that with what we know of the NSA “black budget” (and reading between the lines of several leaked documents about NSA interception capabilities), they concluded that it’s likely the NSA has been breaking 1024-bit Diffie-Hellman for some time now.
The good news is, in the time since this research was originally published, the major browser vendors (IE, Chrome, and Firefox) have removed support for 512-bit Diffie-Hellman, addressing the biggest vulnerability. However, 1024-bit Diffie-Hellman remains supported for the foreseeable future despite its vulnerability to NSA surveillance. In this post, we present some practical tips to protect yourself from the surveillance machine, whether you’re using a web browser, an SSH client, or VPN software.
Disclaimer: This is not a complete guide, and not all software is covered.
To make sure you’re using the strongest crypto, you have to look at the encryption algorithms (or cipher suites) that your browser supports. There’s an excellent tool, How’s My SSL?, that will test your browser’s cipher suite support. The relevant area of the page is at the bottom, under Given Cipher Suites. You want to make sure that you don’t see the text “_DHE_” in the list of cipher suites (the elliptic-curve variant of Diffie-Hellman, represented by suites containing “_ECDHE_”, is fine). Note that once your browser stops offering “_DHE_” suites, a server that supports only finite-field DHE (and no ECDHE) will either fall back to plain RSA key exchange, which has no forward secrecy, or fail the handshake entirely; this is rare on current sites, but it is the trade-off you are making. Here’s how to remove those “_DHE_” cipher suites if you still have them:
Firefox (tested with 40.0.3)
Open a new tab, enter “about:config” into the location bar and hit the “Enter” key. If you get a warning page, click “I’ll be careful, I promise!” This will bring you to the Firefox configuration settings. In the search bar up top, type “.dhe_” and hit the “Enter” key. This should result in two settings being displayed: “security.ssl3.dhe_rsa_aes_128_sha” and “security.ssl3.dhe_rsa_aes_256_sha”. Double-click both of them to change the value from “true” to “false”.
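The check above is done by eye on a web page; the same test can be scripted. The following is an added example (not code from the original post or from Cloudflare) that classifies a list of cipher suite names by key-exchange family, in both the IANA spelling How’s My SSL? prints (TLS_DHE_RSA_WITH_…) and the OpenSSL spelling (DHE-RSA-…), and then builds a Python ssl client context that cannot offer finite-field DHE at all. The sample suite list is constructed for the example; the cipher string NO_FFDHE_CIPHERS is this example’s own choice, using the standard OpenSSL aliases (kDHE is finite-field DHE only, so ECDHE survives it).

```python
import re
import ssl

# Constructed sample, in the IANA spelling that How's My SSL? lists under
# "Given Cipher Suites", plus a few OpenSSL-style names for comparison.
SAMPLE_SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_AES_256_GCM_SHA384",
    "DHE-RSA-AES256-GCM-SHA384",
    "ECDHE-RSA-AES128-SHA",
    "EDH-RSA-DES-CBC3-SHA",
]

FF_DH_TOKENS = {"DH", "DHE", "EDH", "ADH"}    # finite-field Diffie-Hellman (static, ephemeral, anonymous)
EC_DH_TOKENS = {"ECDH", "ECDHE", "AECDH"}     # elliptic-curve Diffie-Hellman
TLS13_PREFIXES = ("TLS_AES_", "TLS_CHACHA20_", "TLS_AEGIS_")


def classify(suite):
    """Return the key-exchange family of one cipher suite name.

    'ffdh'  - finite-field Diffie-Hellman: the family this page says to remove
    'ecdh'  - elliptic-curve Diffie-Hellman: fine
    'tls13' - TLS 1.3 suite; the name carries no key exchange, which is negotiated separately
    'other' - RSA key transport, PSK, SRP, ...: not the 1024-bit DH problem, but no forward secrecy
    """
    name = suite.upper()
    if name.startswith(TLS13_PREFIXES):
        return "tls13"
    tokens = set(re.split(r"[-_]", name))
    if tokens & EC_DH_TOKENS:
        return "ecdh"
    if tokens & FF_DH_TOKENS:
        return "ffdh"
    return "other"


def audit(suites):
    """Group suite names by family; the 'ffdh' list is the one you want empty."""
    report = {"ffdh": [], "ecdh": [], "tls13": [], "other": []}
    for suite in suites:
        report[classify(suite)].append(suite)
    return report


# OpenSSL cipher string chosen for this example: only authenticated ECDHE suites are
# admitted, and '!kDHE' additionally forbids every finite-field DHE suite (ECDHE is a
# separate alias, so it is untouched). TLS 1.3 suites are configured separately by OpenSSL.
NO_FFDHE_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:ECDHE+AES:!kDHE:!aNULL:!eNULL:!MD5"


def hardened_context():
    """A client SSLContext that cannot negotiate finite-field DHE for TLS 1.2 and below."""
    ctx = ssl.create_default_context()
    ctx.set_ciphers(NO_FFDHE_CIPHERS)
    return ctx


def remaining_ffdh(ctx):
    """Names of finite-field DH suites the context would still offer; expected to be empty."""
    return [c["name"] for c in ctx.get_ciphers() if classify(c["name"]) == "ffdh"]


if __name__ == "__main__":
    for family, names in audit(SAMPLE_SUITES).items():
        print(f"{family:6s} {names}")
    print("finite-field DHE offered by the default context:", remaining_ffdh(ssl.create_default_context()))
    print("finite-field DHE offered by the hardened context:", remaining_ffdh(hardened_context()))
```

Running it prints the sample list sorted into families, then shows what your local OpenSSL build offers by default versus after the cipher string is applied. The classifier deliberately lumps static DH (TLS_DH_RSA_…) and anonymous DH in with DHE: all of them use a finite-field group, which is the property the attack described above depends on.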
For detailed information, go to:
NEWS UPDATE, March 12, 2016:
NSA data will soon be used by domestic law enforcement.
“If you’re reading this, then I’m willing to bet that you’ve been called by many different names throughout your life. If I were to hazard a guess, I would say names like kook, paranoid, conspiracy theorist, alarmist, insane or gullible. And after this week, you can go by a new name: Vindicated.“ READ THIS NEWS ITEM:
NEWS UPDATE, March 12, 2016:
The National Security Agency’s data harvesting program, PRISM, has been the subject of much speculation and controversy since its existence was revealed by former NSA contractor Edward Snowden in 2013.
PRISM is widely regarded as “the NSA spying on everyone’s Internet activity” by the public, which is left to guess at the true extent of the program from a few scraps of hard data, since so much of it remains classified. Recent stories have suggested the scope of NSA surveillance was considerably more narrow than critics feared, but now a ruling from a federal judge suggests that surveillance remains more broad than privacy activists might have hoped.
E-mail = noriohayakawa@gmail.