Do you use the Tor network? If you're not familiar with the project, it's "free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis." In short, end users setup nodes and then Internet traffic goes through these encrypted nodes, making it difficult for people to eavesdrop on what you're doing.
In the wake of the NSA spying program, it appears that the network may not be as private as we thought. Robert Graham, a security researcher, has concluded that three quarters of all Tor nodes use only 1024-bit Diffie-Hellman keys, and it's generally agreed upon that the NSA can crack these keys in hours using dedicated hardware. The latest release candidate for Tor, version 2.4, switches from the standard Diffie-Hellman key exchange to ECDHE, which are Elliptical-Curve Diffie-Hellman keys, which may greatly increase the privacy of the Tor network. Unfortunately, this version is not yet finalized and may not be as stable as the current release.
Of course there's no guarantee that the NSA hasn't already found an easy way to crack ECDHE, but considering it's not currently as common as other encryption techniques, for now there's a greater chance that it's more secure.
Source: Errata Sec, via Ars Technica | Privacy image via Shutterstock
24 Comments - Add comment