
Current Thoughts On Encryption

 

From what we see in the news, one thing appears to be clear: no one really knows the extent of the NSA’s capabilities beyond the NSA itself. Nevertheless, once the available information was released, we conducted our own research and came to some conclusions. At this moment, our best source of information on the subject appears to be Bruce Schneier, since he is both an expert in security and cryptography and outspoken in defense of civil liberties. He has direct access to source NSA materials from Snowden. As a result, he is at this stage the only one on our side who has the proper perspective to make a real, educated guess about the NSA.

 

Is Encryption Dead or Alive?

For starters, encryption itself is not dead and gone. Snowden and Schneier have both made strong statements to indicate this. Snowden said that, “Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on.” Schneier also said, “I believe this is true.” He continued to tell us, “Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.” Even so, we see that the media puts a spin on news that gives the impression that encryption is completely broken. And if that is not the case, then we may ask: what is broken?

 

Farewell Our Good King

Our best understanding is that 1024-bit RSA will have to be left behind. Most likely, it can be cracked in an even shorter time frame than we originally thought possible. Several facts we have observed brought us to this conclusion, and this quote seems to confirm our suspicions: “Another program, codenamed Cheesy Name, was aimed at singling out encryption keys, known as ‘certificates,’ that might be vulnerable to being cracked by GCHQ supercomputers.” We take this as an indication that certain certificates are crackable and others are not. The 1024-bit RSA certificate, which is rather weak and still commonly employed by many websites, is a likely candidate. If this turns out to be the case, it will have little to no impact on OpenVPN traffic, but it raises major concerns for HTTPS traffic. By far the major portion of HTTPS traffic can be decrypted by cracking or obtaining the private key for the RSA certificate, because most web servers do not employ an ephemeral key exchange.

 

Ephemeral Key Exchanges

Ephemeral key exchanges differ from non-ephemeral key exchanges in that they do not rely on certificates at all to exchange their secret keys. This means that if an attacker spying on your encrypted connection somehow obtained the certificate’s private key, he or she would still be unable to decrypt the transmission. A non-ephemeral key exchange, by contrast, relies completely on its certificate’s private key remaining secret in order for the exchange to stay secret. Because of this, once a private key is uncovered, any and all non-ephemeral exchanges, past, present or future, are compromised just by watching them.

 

The silver lining is that if all web traffic upgraded to ephemeral key exchanges, breaking 1024-bit RSA encryption would no longer lead to dragnet decryption of HTTPS traffic. The sad fact remains that our contemporary internet is not set up this way, so it is safest to assume that widespread decryption programs aimed at non-ephemeral 1024-bit RSA HTTPS connections are taking place, and that they reach the lion’s share of all web or HTTPS traffic found on the internet.

 

OpenVPN

The great news, however, is that the open source OpenVPN uses ephemeral key exchanges by design, precisely to prevent any such massive, dragnet decryption. It does, though, leave an OpenVPN connection vulnerable to a targeted man-in-the-middle attack if the attacker has cracked the private key. As a result, we have made many changes to our service that will harden it and thus prevent any new, more powerful attacks from occurring.

 

Superman’s Other Weakness

There remains a less likely but potential scenario of what might be broken. The 1024-bit Diffie-Hellman key exchange protocol may also be possible to crack within a reasonable time frame. However, there is no mention of it, and so we don’t believe it to be a likely issue. Nonetheless, such a weakness might allow the NSA to decrypt passively recorded OpenVPN or HTTPS sessions that used a 1024-bit key exchange, both past and future. This is admittedly not likely the case, but even so our company has already upgraded its Diffie-Hellman key exchanges, moving to 2048-bit just to ensure there is no realistic possibility of this occurring.
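The distinctions drawn in the sections above (non-ephemeral versus ephemeral key exchange, and the 1024-bit size for RSA certificates and Diffie-Hellman groups) can be written as an audit over observed handshakes. This is an added example, not code from the article or from OpenVPN; the host names and observations are constructed, the finding labels are hypothetical, and anonymous and PSK cipher suites are out of scope.

```python
EPHEMERAL = {"DHE", "EDH", "ECDHE", "EECDH", "TLS13"}  # one-time key-exchange secrets
STATIC_DH = {"DH", "ECDH"}        # fixed DH share tied to the certificate
WEAK_BITS = 1024                  # size the article treats as crackable

def key_exchange(suite):
    """Key-exchange family from an OpenSSL-, IANA- or OpenVPN-style suite name."""
    tokens = suite.upper().replace("_", "-").split("-")
    if tokens[0] == "TLS":
        if "WITH" not in tokens:  # TLS 1.3 name: key exchange is always ephemeral
            return "TLS13"
        tokens = tokens[1:]       # TLS-DHE-RSA-WITH-... -> DHE-RSA-WITH-...
    if tokens[0] in EPHEMERAL | STATIC_DH:
        return tokens[0]
    return "RSA"                  # e.g. AES128-SHA: session key sent under the cert key

def assess(obs):
    """Return the exposures the article describes for one observed handshake."""
    kx, out = key_exchange(obs["suite"]), []
    if kx in EPHEMERAL:
        # A cracked certificate key allows a targeted man-in-the-middle,
        # but not decryption of passively recorded sessions.
        out.append("cert-key-compromise:active-mitm-only")
        # An unknown DH size (missing dh_bits) is treated as weak.
        if kx in ("DHE", "EDH") and obs.get("dh_bits", 0) <= WEAK_BITS:
            out.append("weak-dh-group:recorded-sessions-at-risk")
    else:
        # Recorded past and future sessions fall with the certificate's private key.
        out.append("cert-key-compromise:passive-decryption")
    if obs["rsa_bits"] <= WEAK_BITS:
        out.append("weak-rsa-certificate")
    return out

# Constructed observations for hypothetical hosts, not measurements.
OBSERVED = [
    {"host": "shop.example", "suite": "AES128-SHA", "rsa_bits": 1024},
    {"host": "mail.example", "suite": "ECDHE-RSA-AES128-GCM-SHA256", "rsa_bits": 2048},
    {"host": "vpn-old.example", "suite": "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
     "rsa_bits": 2048, "dh_bits": 1024},
    {"host": "vpn-new.example", "suite": "TLS-DHE-RSA-WITH-AES-256-CBC-SHA",
     "rsa_bits": 2048, "dh_bits": 2048},
]

def report(observations=OBSERVED):
    """Map each observed host to its list of findings."""
    return {o["host"]: assess(o) for o in observations}

if __name__ == "__main__":
    for host, findings in report().items():
        print(f"{host:16} {', '.join(findings)}")
```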

 

The NSA

The Guardian has reported, “Documents show that Edgehill’s initial aim was to decode the encrypted traffic certified by three major (unnamed) internet companies and 30 types of Virtual Private Network (VPN) – used by businesses to provide secure remote access to their systems. By 2015, GCHQ hoped to have cracked the codes used by 15 major internet companies, and 300 VPNs.”

 

At first, we found this statement alarming. However, after thoroughly analyzing the reports and consulting our in-house and external experts on the subject, we believe that they are referring to different implementations or types of PPTP VPN solutions, including software, hardware, or perhaps even open source PPTP. After all, PPTP has historically used a variety of cryptographic algorithms that were either weakened to the point of uselessness or broken entirely. Also, because it is an extremely aged, legacy protocol, there are in all likelihood a great many variants included in commercial offerings. Our belief is that the NSA is only referring to its attempts to set up systems that will automatically detect and decrypt every type of PPTP variant. Such an accomplishment would naturally give them the ability to obtain traffic from many large institutions, organizations, and even those governments that are still using these older legacy commercial systems.

 

A second possibility, which has turned out to be more likely than we had originally estimated, is that the NSA is referring to its hopes to crack IPSec VPN commercial offerings. We feel this is not likely the case because it is a far more secure protocol. IPSec and TLS use the same building blocks. That said, it is still quite possible for the NSA to have either discovered or inserted weaknesses into IPSec offerings found in commercial hardware. This could, for instance, include an issue similar to the HTTPS problem of non-ephemeral key exchanges, weak or broken cryptographic primitives, weaknesses in random number generators that allow the NSA to predict the random numbers, or leaks of secret information via flaws in the IPSec implementation.

 

A third possibility is that they are making reference to network routing technologies, sometimes referred to as VPNs. MPLS for example may or may not even be encrypted.

 

Based on the statements that have been made at this time, we do not feel that they are in any way, shape or form speaking of OpenVPN. OpenVPN is an open source project, rests on the same cryptographic foundation as TLS, must be interoperable with any OpenVPN protocol/version, and finally always uses ephemeral key exchanges. These four items together make it nearly unimaginable that OpenVPN has a flaw so fatal that it would become open to dragnet-style decryption by the NSA. Schneier himself agrees, saying, “Try to use public-domain encryption that has to be compatible with other implementations.”

 

Reassurance from IPVanish

As already discussed, we have made the change to the higher security 2048-bit key exchange in order to guard against an unexpected NSA cracking ability. Within weeks we also plan to release a new client, which will give users the option to select their security for the key exchange, the certificate and the symmetric cipher. 2048-bit will be our default certificate, but users will be allowed to choose either 3072-bit or 4096-bit if they wish to be extra careful. Soon we will also unveil something that you won’t find elsewhere: Elliptic Curve Cryptography, available with both 256-bit and 521-bit curves. We want to make this cutting edge cryptography available to our users who may choose to utilize it. Check out http://www.thevpnreviewer.com/ for more information about reliable VPN services.