How to secure your site against the NSA and GCHQ

In the last couple of months I’ve had a number of discussions with people who were under the impression that encryption has been cracked by the NSA.

If you like, jump straight to what you can do about it.

The story

The story started in September, in the Guardian:

NSA and GCHQ unlock encryption used to protect emails, banking and medical records

(Guardian - Revealed: how US and UK spy agencies defeat internet privacy and security, James Ball, Julian Borger and Glenn Greenwald, 5th September 2013)

This came up again today, because Sir Tim Berners-Lee made a statement:

In an interview with the Guardian, he expressed particular outrage that GCHQ and the NSA had weakened online security by cracking much of the online encryption on which hundreds of millions of users rely to guard data privacy.

(Guardian - Tim Berners-Lee condemns spy agencies as heads face MPs, Ed Pilkington, 7th November 2013)

And something very similar to this was stated in the Radio 4 news program I was listening to this morning.

The worry

On the face of it this sounds like the NSA’s geniuses have reverse-engineered some core cryptographic principles - e.g. worked out how to quickly deduce prime factors from a public key (read an explanation of RSA).

This would be very serious. I was sceptical though, because I believe that if there were key vulnerabilities in public algorithms, the public would have found them long before the NSA. They don’t have a monopoly on good mathematicians. This is, after all, why open-source code and public algorithms are inherently more secure.

The truth

Helpfully, Massachusetts Institute of Technology published an article 4 days later clarifying what the NSA had likely achieved:

New details of the NSA’s capabilities suggest encryption can still be trusted. But more effort is needed to fix problems with how it is used.

(NSA Leak Leaves Crypto-Math Intact but Highlights Known Workarounds, Tom Simonite, 9th September 2013)

This shows that (still as far as we know) the NSA have done nothing unprecedented. They have, however, gone to huge lengths to exploit every known vulnerability in security systems, regardless of legality. Mostly, these vulnerabilities are with the end-point systems, not the cryptography itself.

What the NSA and GCHQ have done

I’ve tried to list these in order of severity:

A word about RSA brute-forcing

We have known for a while that 1024-bit RSA keys could feasibly be brute-forced by anyone with enough resources - and many assumed that the U.S security agencies would almost certainly be doing it. So for the more paranoid among us, this should be no surprise.

“RSA 1024 is entirely too weak to be used anywhere with any confidence in its security” says Tom Ritter

However, MIT also claim that these weaker keys are:

used by most websites that offer secure SSL connections

This surprises me, as I know that GoDaddy at least won’t sell you a certificate for a key shorter than 2048-bit - and I would assume other certificate vendors would follow suit. But maybe this is fairly recent.

However, even if “most websites” use RSA-1024, it doesn’t mean that the NSA is decrypting all of this encrypted traffic, because it still requires a huge amount of resources (and time) to do, and the sheer number of such keys being used will also be huge. This means the NSA can only be decrypting data from specifically targeted sites. They won’t have decrypted all of it.

What you can do

Now that we know this is going on, it only means that we should be more stringent about the security best-practices that already existed:

By @nottrobin