
IIRC there's been speculation that the NSA can/has brute forced TLS keys up through 4096 bit size. I read a paper once that crunched the numbers on energy cost and compute time and whatnot; it comes out looking like a reasonable investment for them.

Obviously they'd have to keep such an exercise on the DL if they did do it because increasing key size is pretty trivial.




A 4096-bit RSA key is still well beyond the means of even a very capable state actor. The standard nowadays is 2048-bit RSA keys, cracking of which is also (probably) still beyond anyone's capabilities. Maybe a multi-year effort directed at a specific target might manage to crack a single key, but I wouldn't bet on it. RSA cracking efforts would almost certainly focus on smaller keys that are still being used despite the warnings.

However, even if they did crack a major infrastructure provider's RSA key, TLS nowadays uses ephemeral key exchange, which provides forward secrecy. So it doesn't matter if an intelligence agency collected every packet; they could not decipher the contents after the fact. They would have to actively interdict every TLS handshake and perform a man-in-the-middle attack against both parties all the time.

It is extremely doubtful that this is happening en masse. Such a process would require an immense amount of online computing power directly in the path of all Internet traffic. Much of the compute available to intelligence agencies (and accounted for in back-of-the-envelope calculations by outside parties) is effectively offline due to airgaps. It's not like they want people doing to them what they're doing to others, after all.

It's much easier to send an NSL to Google to read your email than to try to intercept it over the wire. The latter capability would be reserved for high-value targets unreachable by the US legal system, not mass surveillance.
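The forward-secrecy point in the comment above, as an added stdlib-only example (not the commenter's code and not real TLS): a passive recorder captures a handshake transcript, the server's long-term private key later leaks, and the recorder tries to recover the session key. Two simplifications are assumed: the "static key transport" case (TLS 1.2 RSA key exchange, which TLS 1.3 dropped) is modelled with a static Diffie-Hellman key so one DH helper serves both cases, and the certificate signature over the server's share is modelled with an HMAC keyed by the long-term private value. Neither stand-in changes the argument, which rests only on whether the server's key-agreement value is reused across connections. The 2048-bit MODP prime is transcribed from RFC 3526 group 14; verify it against the RFC before using it for anything real.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# 2048-bit MODP prime, RFC 3526 group 14 (transcribed here; check against the RFC).
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
NBYTES = (P.bit_length() + 7) // 8


@dataclass(frozen=True)
class Transcript:
    """Exactly what a passive observer can record from the wire: public values only."""
    client_share: int
    server_share: int
    server_tag: bytes


def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def i2b(x: int) -> bytes:
    return x.to_bytes(NBYTES, "big")


def derive_session_key(shared_secret: int) -> bytes:
    # Minimal KDF stand-in for the TLS key schedule.
    return hashlib.sha256(b"demo-session-key" + i2b(shared_secret)).digest()


def sign_share(long_term_priv: int, share: int) -> bytes:
    # Stand-in for the certificate signature over the server's share. Real TLS uses a
    # public-key signature (RSA-PSS, ECDSA); HMAC is used only to stay stdlib-only.
    return hmac.new(i2b(long_term_priv), i2b(share), hashlib.sha256).digest()


def static_key_handshake(server_priv: int, server_pub: int):
    """Static key transport stand-in: the server's long-term key IS the key-agreement key."""
    a, client_share = dh_keypair()
    key = derive_session_key(pow(server_pub, a, P))
    # Server side derives the same key from its long-term private value.
    assert key == derive_session_key(pow(client_share, server_priv, P))
    return key, Transcript(client_share, server_pub, sign_share(server_priv, server_pub))


def ephemeral_handshake(server_priv: int, server_pub: int):
    """(EC)DHE stand-in: a fresh server share per connection, signed by the long-term key."""
    a, client_share = dh_keypair()
    b, server_share = dh_keypair()          # ephemeral, used once
    key = derive_session_key(pow(server_share, a, P))
    assert key == derive_session_key(pow(client_share, b, P))
    del b                                    # server discards the ephemeral private value
    return key, Transcript(client_share, server_share, sign_share(server_priv, server_share))


def recorded_traffic_attack(transcript: Transcript, leaked_server_priv: int) -> bytes:
    """The best a passive recorder can do once the long-term private key leaks:
    combine it with the recorded client share. This only yields the real session
    key if the server's recorded share was its long-term key."""
    return derive_session_key(pow(transcript.client_share, leaked_server_priv, P))


def demo() -> dict:
    server_priv, server_pub = dh_keypair()   # the "certificate" key
    k_static, t_static = static_key_handshake(server_priv, server_pub)
    k_eph, t_eph = ephemeral_handshake(server_priv, server_pub)
    # Later the long-term key leaks (or is cracked) and the recorder replays its capture.
    return {
        "static_recovered": recorded_traffic_attack(t_static, server_priv) == k_static,
        "ephemeral_recovered": recorded_traffic_attack(t_eph, server_priv) == k_eph,
    }


if __name__ == "__main__":
    print(demo())   # {'static_recovered': True, 'ephemeral_recovered': False}
```

The recorder holds the full transcript plus the leaked long-term key and still cannot compute the ephemeral session key: that would require the discarded ephemeral exponent or solving the DH problem in the group, which is exactly why the key would have to be attacked live, in the path of the handshake, rather than after the fact.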


>It's much easier to send an NSL to Google to read your email than to try to intercept it over the wire. The latter capability would be reserved for high-value targets unreachable by the US legal system, not mass surveillance.

https://blog.encrypt.me/2013/11/05/ssl-added-and-removed-her...

That pissed a lot of people off at Google, and served as a major catalyst for their in-house RISC-V networking hardware.



