VPN Articles and News

NSA’s Mass Decryption Project Can Break VPN Connections

Wednesday, February 24th, 2016

The use of encrypted services such as VPNs is often recommended as the easiest and most secure way to bypass government surveillance. But if the recent media reports are to be believed, NSA’s mass decryption project would have the capability to break trillions of VPN and HTTPS connections. While the agency has protested the introduction of encrypted services by companies like Google and Apple in the past, lately it has been mostly quiet on the issue. Security experts warn that the silence could be because of the fact that the agency has finally managed to achieve a breakthrough in cracking encrypted services.

Before we learn more about NSA’s mass decryption project, it is important to understand how modern encryption work. Many encrypted services on the web, including VPNs, email services and HTTPS sites; rely on the Diffie-Hellman key exchange to encrypt and decrypt data. Diffie-Hellman is often touted as the hallmark of cryptography and is being used by millions of websites and service providers to encrypt data and beat mass surveillance. However, it has now come to the attention of security experts that even the data exchanged through Diffie-Hellman key exchange might be intercepted by agencies like NSA due to the poor implementation of the algorithm.

When a web service provider secures its services with Diffie-Hellman key exchange, the data gets encrypted with a very large 1024-bit prime number. While each service provider should ideally use its own unique key to secure data, in practice most providers use the default, hard-code prime numbers as the security key. This also means that if an entity is able to crack one key, theoretically it can break billions or even trillions of encrypted connections with it. As you can imagine, this can have a catastrophic impact on web based services and could throw the entire VPN industry into chaos.

It is worthwhile to mention here that cracking a 1024-bit key is by no means an easy task. Security experts estimate that cracking a single 1024-bit key through brute force methods could take up to a year and would cost several million dollars. Due to the cost and resources involved, most security organizations assumed that cracking a 1024-bit Diffie-Hellman key is next to impossible, However, with a $10 billion a year budget (including $1 billion for network exploitation), NSA certainly has the resources to attempt such an undertaking.

It is estimated that cracking of a single 1024-bit key would enable NSA to decrypt approximately two-third of VPN connections and twenty-five percent of SSH connections. And if the agency is able to crack one more key, it would be able to eavesdrop on approximately twenty percent of HTTPS websites. These are by no means small numbers and have the potential of throwing the entire web service infrastructure into disarray. While NSA has neither confirmed nor denied the reports that it is now able to decrypt encrypted connections, security experts say that it is just a matter of time before the agency acquires such a capability.

February 24, 2016

Leave a Reply

Your email address will not be published. Required fields are marked *

3 + 6 =