Op-ed: (How) did they break Diffie-Hellman? | Ars Technica
Nov 14, 2015
7:32 PM EST
Not a "Linux story" per se, but I thought it would be of interest :)
- - -
Op-ed: (How) did they break Diffie-Hellman?
Relax—it's not true that researchers have broken the Diffie-Hellman key exchange protocol.
by Martijn Grooten - Nov 14, 2015 7:00am PST
(Martijn Grooten is a mathematician-turned-security professional. He is currently Editor of Virus Bulletin and does the occasional security research on the side in which, wherever possible, he likes to use his mathematical background. This post originally appeared on Martijn's Lapsed Ordinary blog.)
Earlier this year, a research paper presented a new attack against the Diffie-Hellman key exchange protocol. Among other things, the paper came with a reasonable explanation of how the NSA might be able to read a lot of the Internet’s VPN traffic. I wrote a blog about this in May.
Last month, the paper was presented at the ACM CCS 2015 conference and thus made the news again. While the research does have serious implications, it did not signal the end of the use of the Diffie-Hellman protocol as some suggested.
Chicken or the egg
Diffie-Hellman (named after its inventors Whitfield Diffie and Martin Hellman) attempts to solve the chicken-or-egg problem in cryptography: for Alice and Bob to communicate securely over a public channel such as the Internet they need to share a common encryption key. But for them to agree on such a key they need to be able to communicate securely over a public channel.
(In a typical situation where the protocol is used, Alice is a Web browser or a VPN client; Bob is a Web server using HTTPS or a VPN server...