Encryption Flaw Allows the NSA to Break HTTPS and VPN Traffic !!!!!!!!! /// Diffie-Hellman algorithm

A group of 14 researchers have presented a paper at the 22nd ACM Conference on Computer and Communications Security (ACM CCS) in Denver on Wednesday, October 14, a paper on which they base a theory of how the NSA can break most of the Web's HTTP and VPN traffic due to a flaw in the implementation of the Diffie-Hellman algorithm used to encrypt Web traffic.

DenverCyber

Best Answer

  • gancalgancal Posts: 23
    Accepted Answer

    Hello whitefox,

     

    Good day to you and thanks for bringing this up for everyones' attention!

     

    The Logjam attack described in the paper is not new as it was already made public back in May. F-Secure has already taken all the necessary steps to update our servers to not only rely on DHE cipher suites when the news broke.

     

    Though the attack described in the paper is plausible however do note that this could happen to any HTTPS traffic regardless of what products/services is using it. There is unfortunately nothing much we can do if a state sponsored attack is to be conducted to decrypt the traffic Smiley Sad However as of now, updating your browser to the latest version should protect you from the attack.

     

    Regards,

    Calvin Gan

    F-Secure Security Vulnerability Expert

This discussion has been closed.