(credit: BalticServers.com)

For years, privacy advocates have pushed developers of websites, virtual private network apps, and other cryptographic software to adopt the Diffie-Hellman cryptographic key exchange as a defense against surveillance from the US National Security Agency and other state-sponsored spies. Now, researchers are renewing their warning that a serious flaw in the way the key exchange is implemented is allowing the NSA to break and eavesdrop on trillions of encrypted connections.

The cost for adversaries is by no means modest. For commonly used 1024-bit keys, it would take about a year and cost a "few hundred million dollars" to crack just one of the extremely large prime numbers that form the starting point of a Diffie-Hellman negotiation. But it turns out that only a few primes are commonly used, putting the price well within the NSA's $11 billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."

"Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous," researchers Alex Halderman and Nadia Heninger wrote in a blog post published Wednesday. "Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."

A Faraday Cases travel case, configured to keep communications gear safe in transit from unfriendly electromagnetism.

2 more images in gallery

WASHINGTON, DC—A small company from Utah has developed a composite material that combines carbon fibers with a nickel coating. The result is an extremely lightweight electric-conducting material with the properties of plastic. And now that material is being used to create cases and computer enclosures that are essentially lightweight Faraday cages—containing electromagnetic radiation from digital devices and shielding them from electronic eavesdropping or electromagnetic pulse attacks. Ars got a brief hands-on with some of the materials at the Association of the United States Army expo this week.

The company, Conductive Composites, is now selling cases built with the Nickel Chemical Vapor Deposition (NiCVD) composite material through its Faraday Cases division. The cases range in size from suitcase-sized units for carrying smaller digital devices to wheeled portable enclosures that can house servers—providing what is essentially an EMP-shielded portable data center. The cases and enclosures are being marketed not just to the military but to consumers, corporations, and first responders as well.

The materials used in Faraday Cases can also be used to create ultra-lightweight antennas, satellite communications reflector dishes, and hundreds of other things that currently need to be made with conductive metal. And they could be a boon to anyone trying to prevent electronic eavesdropping—be it through active wireless bugs, radio retroreflectors used by nation-state intelligence agencies, or passive surveillance through anything from Wi-FI hacking to electromagnetic signals leaking from computer cables and monitors. And in some cases, they could make it possible to create the kind of secure spaces used by government agencies to prevent eavesdropping nearly anywhere.