by potato3732842
458 days ago
IIRC there's been speculation that the NSA can/has brute forced TLS keys up through 4096 bit size. I read a paper once that crunched the numbers on energy cost and compute time and whatnot, and it comes out looking like a reasonable investment for them. Obviously they'd have to keep such an exercise on the DL if they did do it because increasing key size is pretty trivial.
However, even if they did crack a major infrastructure provider's RSA key, TLS nowadays uses ephemeral key exchange which provides forward secrecy. So it doesn't matter if an intelligence agency collected every packet, they could not decipher the contents after the fact. They would have to actively interdict every TLS handshake and perform a man-in-the-middle attack against both parties all the time.
It is extremely doubtful that this is happening en masse. Such a process would require an immense amount of online computing power directly in the path of all Internet traffic. Much of the compute available to intelligence agencies (and accounted for in back-of-the-envelope calculations by outside parties) is effectively offline due to airgaps. It's not like they want people doing to them what they're doing to others, after all.
It's much easier to send an NSL to Google to read your email than to try to intercept it over the wire. The latter capability would be reserved for high-value targets unreachable by the US legal system, not mass surveillance.
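Added example, not part of the thread: the forward-secrecy point above only holds for handshakes that use ephemeral key exchange, so a defender can check a server's enabled suite list for names that still permit static key exchange. The helper names (`classify_suite`, `audit`) and the sample list are constructed for illustration; classification is by suite name only.

```python
import re

FS, NO_FS, UNKNOWN = "forward-secret", "not-forward-secret", "unknown"

# Constructed sample: one server's enabled suites, OpenSSL and IANA spellings mixed.
SAMPLE_SUITES = [
    "TLS_AES_256_GCM_SHA384", "ECDHE-RSA-AES128-GCM-SHA256",
    "DHE-RSA-AES256-GCM-SHA384", "AES128-GCM-SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA", "ECDH-RSA-AES128-SHA",
    "ECDHE-PSK-CHACHA20-POLY1305", "PSK-AES128-CBC-SHA", "ADH-AES128-SHA",
]

def classify_suite(name):
    """Classify a TLS cipher suite by its key exchange, judged from the name."""
    n = name.strip().upper().replace("-", "_")
    if n.startswith("TLS_") and "_WITH_" not in n:
        # TLS 1.3 names carry no key exchange; full handshakes always use
        # ephemeral (EC)DHE. PSK-only resumption is the exception and is a
        # server setting that the suite name cannot reveal.
        return FS if re.fullmatch(r"TLS_(AES|CHACHA20)_\w+", n) else UNKNOWN
    # IANA TLS 1.2 names put the key exchange before _WITH_; OpenSSL names lead with it.
    kx = re.sub(r"^TLS_", "", n).split("_WITH_")[0]
    if re.match(r"(ECDHE|DHE|EDH)_", kx):
        return FS
    if re.match(r"(ADH|AECDH|DH_ANON|ECDH_ANON)", kx):
        # Anonymous suites are ephemeral but unauthenticated: flag for review.
        return UNKNOWN
    # Static RSA/DH/ECDH/PSK key exchange. OpenSSL omits the "RSA" prefix, so a
    # name that starts with the bulk cipher means RSA key transport.
    if re.match(r"(RSA|ECDH|DH|PSK|AES|CAMELLIA|ARIA|SEED|IDEA|DES|RC4|NULL)", kx):
        return NO_FS
    return UNKNOWN

def audit(suites):
    """Group suites by class; anything outside FS deserves attention."""
    report = {FS: [], NO_FS: [], UNKNOWN: []}
    for suite in suites:
        report[classify_suite(suite)].append(suite)
    return report

if __name__ == "__main__":
    for label, names in audit(SAMPLE_SUITES).items():
        print(f"{label}: {', '.join(names) or '-'}")
```

Suites reported as not-forward-secret are the ones where recorded traffic becomes readable if the server's long-term private key is ever recovered.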