Researchers have found a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and internet servers. These backdoors offer the possibility for hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners. The technique puts a so-called ”Trapdoor” in the 1,024-bit keys used in the Diffie-Hellman key exchange, which is a specific method of securely exchanging cryptographic keys over a public channel. People that are familiar with the trapdoor, can easily decrypt Diffie-Hellman-protected communications over extended periods of time. As with all public key encryption, the security of the Diffie Hellman key exchange builds on theoretic computations involving prime numbers so large, that the problems are hard for attackers to solve. As a second line of defense, the parties that use these encryptions can also conceal secrets within the results of these computations. However, researchers developed a special prime containing certain invisible properties that make secret parameters unusually susceptible to discovery.
The the user of a trapdoored prime, it just looks like any other 1,024-bit key. However, to attackers with knowledge of the weakness, makes it’s security about 10.000 times easier to solve. This makes the trapdoored prime ideal for NSA, according to the documents Edwards Snowden exposed in 2013. If the NSA succeeded in getting a trapdoored prime als de industry standard, the agency would have a way to flawlessly decrypt communications of end users.
If this would happen, it wouldn’t be the first time the NSA intentionally weakened codes so it could more easily bypass encryptions. For example, in 2007 NIST backed NSA-devloped code for generating random number generators. It was suspected that NSA deliberately designed weaknesses into the code that allowed the agency to decrypt the algorithm that used these random number generators. This was all confirmed by the documents leaked by Snowden.
All in all, the current batch of 1,024-bit primes might not cut it anymore. The time has come to replace 1,024-bit primes with 2,048-bit or even 4,096-bit replacements, since some 1,024-bit primes can’t be verified as truly random.
