One of the major beefs that many of us have with the NSA is that they keep doing things that make us less secure. Their latest project is trying to convince Congress to mandate back doors in crypto applications. It’s a really bad idea for the same reasons it was the last time they tried it with the Clipper Chip.
Before the Clipper Chip, we had the crypto export restrictions. One of the consequences of those restrictions was that browsers and Internet servers couldn’t be sold overseas without crippling the encryption. That was done by allowing the browser and server to negotiate a less secure key so that browsers sold overseas could still be spied on but domestic browsers could negotiate a more secure key and thus have robust encryption. The policy was doomed for obvious reasons and was eventually relaxed to the point of no longer being an issue.
The problem is that most browsers and servers still support negotiating crippled keys and, of course, criminals and governments have been exploiting that fact for some time. The last time we heard about this it was in conjunction with the FREAK attack. Now we have the Logjam attack that also tricks the browser and server into negotiating a weak key. You can read the details in this paper that describes the attack and you can check if your browser is vulnerable by going to The Logjam Attack site, which also contains a summary of the attack and statistics on how many sites are vulnerable.
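A simplified model of why leftover export support matters, added here as an illustration and not taken from the post or the Logjam paper. The suite names are real IANA identifiers, the two server configurations and the helper names are constructed, and the mapping of RSA_EXPORT to FREAK and DHE_EXPORT to Logjam is supplied from general knowledge of those attacks rather than from this page.

```python
# Toy model of cipher-suite selection; not a TLS implementation.
# Suite names are real IANA names; both server lists are constructed samples.

# Export-grade key exchanges and the downgrade attack that abuses each.
EXPORT_KEX = {
    "TLS_RSA_EXPORT": "FREAK",
    "TLS_DHE_RSA_EXPORT": "Logjam",
    "TLS_DHE_DSS_EXPORT": "Logjam",
}

def export_class(suite):
    """Name the attack an export-grade suite enables, or None if not export-grade."""
    return EXPORT_KEX.get(suite.split("_WITH_")[0])

def negotiate(offer, server_suites):
    """Return the server's most-preferred suite present in the offer it received."""
    return next((s for s in server_suites if s in offer), None)  # None = handshake fails

def audit(server_suites):
    """Return (suite, attack) for every export-grade suite the server still accepts."""
    return [(s, export_class(s)) for s in server_suites if export_class(s)]

MODERN = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
LEGACY_SERVER = [MODERN, "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                 "TLS_RSA_EXPORT_WITH_RC4_40_MD5"]
HARDENED_SERVER = [MODERN]  # export suites removed from the configuration

# What the server sees when the offer has been reduced to export-grade suites only.
DOWNGRADED_OFFER = ["TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA",
                    "TLS_RSA_EXPORT_WITH_RC4_40_MD5"]

def report(server_suites):
    """Summarize normal and downgraded negotiation outcomes for one server config."""
    return {
        "normal": negotiate([MODERN], server_suites),
        "downgraded": negotiate(DOWNGRADED_OFFER, server_suites),
        "findings": audit(server_suites),
    }

if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_SERVER), ("hardened", HARDENED_SERVER)):
        print(name, report(cfg))
```

The legacy configuration completes the downgraded handshake with a crippled key, while the hardened one fails it outright and still serves ordinary clients.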
As NSA meddling goes, you could consider the export restrictions fairly benign but the results of that particular meddling are still echoing from the past and causing mischief today. Part of the NSA’s mission is to secure our communications and make us all safer. I wish they’d start doing that [1].
UPDATE: Matthew Green has an excellent post on Logjam that covers the technical details in a more accessible fashion than the paper. You should definitely read his post if you’re interested in this exploit. He also discusses the speculation that the NSA is using a Logjam-type exploit.
Footnotes:
[1] The researchers who discovered this attack note that part of Edward Snowden’s disclosures involves the NSA breaking into TLS sessions, and they speculate that the Logjam attack is being actively exploited by the NSA to do so.