Should I be concerned? ArsTechnica "NSA could put undetectable “trapdoors” in millions... "

paj
paj
Community Member

NSA could put undetectable “trapdoors” in millions of crypto keys
http://arstechnica.com/security/2016/10/how-the-nsa-could-put-undetectable-trapdoors-in-millions-of-crypto-keys/
Technique allows attackers to passively decrypt Diffie-Hellman protected data

"Researchers have devised a way to place undetectable backdoors in the cryptographic keys that protect websites, virtual private networks, and Internet servers. The feat allows hackers to passively decrypt hundreds of millions of encrypted communications as well as cryptographically impersonate key owners.

The technique is notable because it puts a backdoor—or in the parlance of cryptographers, a "trapdoor"—in 1,024-bit keys used in the Diffie-Hellman key exchange."

tl:dr (li5) - encrypted stuff you think is safe - may not be safe


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @paj: The great thing about 1Password is that you are in control of your data. That can sound a bit pithy when we're talking about this kind of large-scale, state-sponsored malfeasance, but it has one very important benefit in this context: your data is encrypted using the Master Password you chose. So while a company could presumably encrypt data on your behalf using keys of their choosing (which perhaps someone else had a hand in choosing), this is simply not feasible with 1Password since we can't influence your choice of Master Password. And if that somehow becomes possible one day, well...it's over for all of us. ;)

This discussion has been closed.