Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: NSA SSL Private Keys?
5 points by iSloth on June 16, 2013 | hide | past | favorite | 4 comments
So we know that the NSA are capturing the majority of internet traffic passing through the USA, currently it's a bit more vage on how much access they have to the data/servers of Facebook, Google, Twitter etc...

And a high percentage of the internet traffic these days it SSL encrypted, especially the more interesting traffic.

So what's the chance that the NSA have Google's, Facebook's Private SSL keys? and their actually decrypting the mirrored internet traffic that we know their capturing?




The biggest risk is one of the X.509v3 certificates for various Certification Authorities (CAs) is compromised.

http://www.cyberciti.biz/faq/firefox-adding-trusted-ca/

Discussion of SSL on cryptome: http://cryptome.org/0005/ssl-broken.htm


No, it's not; you can only use a compromised CA cert to MITM traffic, and if you do that, the Chrome users who have Google's actual key identity pinned in their browser will detect you doing that.


Pretty much nil. The NSA isn't stupid; even in the (exceptionally unlikely) case that they can just MITM any SSL connection without arousing suspicion in even a well-monitored network, why would they reveal that? Much easier to just hack your computer/telephone/...


More likely they have access to a trusted CA, or wildcard certificates that they can use to apply MitM to specific traffic. Almost the same effect, but no key stealing is necessary. (although that would require redirecting your traffic rather than passive capture)




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: