The Daily Beast digs deep into the basics behind Logjam-type vulnerabilities and asks an intriguing question: is this the NSA’s secret to cracking secure communications such as SSL? From the article:
Yet slides in the Snowden documents revealed the NSA’s astonishing success in exploiting IPSec. The researchers outlined an approach which, although requiring the construction of a dedicated supercomputer, lies within the NSA’s grasp. Diffie-Hellman uses a prime number in its computation, and although there are an astonishing number of usable primes, most systems use a standard prime number.
The basic idea is to do a nearly astronomical amount of work precomputing partial answers needed to break any connection associated with a given prime number and then, because most systems use a common prime number, perform only a little more work to crack any given connection. So with a huge amount of initial work and money, but only a modest amount of work per connection, the NSA could break two-thirds of the IPSec connections on the planet—opening up an untold number of corporate VPNs.
The researchers have no direct evidence that the NSA did this, but I believe their suspicions are well founded. The NSA is not made up of magicians, and all its successes must have a prosaic explanation. If the NSA did indeed discover this technique unnoticed, its failure to disclose is yet more evidence that the NSA does not care about the security of non-classified systems; it would rather spend hundreds of millions of dollars developing a cracking system than simply notifying the world how to secure U.S. businesses before some other foreign intelligence service discovers the same thing.
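To make the "precompute once per prime, then a little work per connection" idea concrete, here is an added toy example; it is not part of the Daily Beast article or the researchers' work. It swaps in textbook baby-step giant-step for the number field sieve used against real groups, and the 20-bit prime, generator and secrets are constructed values. The one-time table depends only on the prime and generator, which is why a deployment that generates its own, sufficiently large group denies an eavesdropper the shared table.

```python
import math

# Constructed toy parameters: one ~20-bit prime shared by every "connection".
P = 1000003
G = 2

def precompute(p, g):
    """One-time, per-prime work: table of g^j mod p for j < m, m ~ sqrt(p)."""
    m = math.isqrt(p - 1) + 1
    table = {}
    x = 1
    for j in range(m):
        table.setdefault(x, j)      # keep the smallest exponent for each value
        x = x * g % p
    giant = pow(g, -m, p)           # g^(-m) mod p, reused by every lookup
    return m, table, giant

def recover_exponent(p, pre, public):
    """Per-connection work: at most m table lookups, no new table needed."""
    m, table, giant = pre
    y = public % p
    for i in range(m):
        if y in table:
            return i * m + table[y]  # public == g^(i*m + j) mod p
        y = y * giant % p
    return None

def break_connection(p, pre, pub_a, pub_b):
    """Derive the session secret from the two public values seen on the wire."""
    a = recover_exponent(p, pre, pub_a)
    return pow(pub_b, a, p)

if __name__ == "__main__":
    pre = precompute(P, G)           # paid once for this prime
    # Constructed sample connections: (secret_a, secret_b) pairs.
    for a, b in [(123457, 987001), (42, 777777), (999999, 31337)]:
        pub_a, pub_b = pow(G, a, P), pow(G, b, P)
        real = pow(pub_b, a, P)
        print(real == break_connection(P, pre, pub_a, pub_b))
```
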