How The NSA Decrypts Encrypted Web Traffic

If you pay attention to the allegations that Edward Snowden made against the NSA, you’ve probably heard that they (the NSA) can decrypt and read a decent amount of encrypted web traffic. That includes VPNs as well as HTTPS and SSH traffic.

On October 14, there was a blog post released on Freedom to Tinker that outlines how they could do it. And the reason it’s possible is frightening.

Let’s face it, as human beings, we’re lazy. We like to do things in the easiest way that they will work. Admittedly, sometimes that’s the right way to approach things. There’s no sense in making things more difficult than they need to be. On the other hand, there is such a thing as not doing the job right. The coders implementing the encryption weren’t making it too difficult for the NSA to guess which prime number the encryption was based on.

You can learn the basics of how the Diffie-Hellman key exchange works at Khan Academy. Actually, you can get a more comprehensive tutorial on how encryption works at Khan Academy.

So after you understand the Diffie-Hellman key exchange, you understand how important the prime number is. Well, apparently in human laziness and ease of coding, programmers have been using standard prime numbers and sometimes even hard coding the prime numbers into their system. That means, every single communication starts with the same number.If the NSA knows that number, they can “perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.”

Now cracking all the possible combinations would take some massive computing power and a lot of time. Then you’re forced to wonder how long they’ve been actually working on it. And when you think about the following paragraph, it all starts to make sense.

Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous. Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.

Once they’ve cracked it once, they don’t have to do it again. They’ve already got access. And one has to know that they aren’t stopping to rest on their laurels, they’re going to be after all the cryptographic combinations of all the large prime numbers they can crack.

Your data, if transferred using Diffie-Hellman, isn’t safe. And really, Diffie-Hellman is the backbone of internet security. Think about that next time you choose to buy something online or send a private message without encrypting it yourself.

The Times They Are A Changin’.

The times they are a changin’. And accordingly the blog must change too.

I still enjoy going to the gym. In fact, this coming semester was arranged in part so I could get back to hitting the gym without my school work suffering too badly. But that is no longer the topic of my personal blog. I think I now have more important things to talk about. I’ll no longer talk about protein shakes and exercises. From now on the topic will be coding, digital security, and politics in regards to political security.

Sadly, two of those things, politics and digital security, cannot be separated. Thanks to Edward Snowden, we now have at least an idea of how much the NSA, FBI, and even our own local police departments know about our movements and conversations.

If you haven’t seen it yet, go watch CITIZENFOUR. the true story of Edward Snowden’s journey from NSA Snoop to Public Enemy #1. You can watch it through Netflix, Apple iTunes, and Google Play. **Note: None of those are affiliate links.**

And pay attention here. As I learn about coding, encryption, and politics, I’ll be posting it here.