Another crypto downgrade attack: Logjam

Posted May 22, 2015 20:51 UTC (Fri) by cesarb (subscriber, #6266)
In reply to: Another crypto downgrade attack: Logjam by Cyberax
Parent article: Another crypto downgrade attack: Logjam

> Well, Amazon EC2 routinely has spot nodes available for $0.008 per CPU-hour. So that works out to about $2.5 million USD - not entirely outrageously out of reach for academics, but definitely not a trivial expense.

An attacker is not necessarily going to buy all these CPU-hours with their own money. Unlike academics, attackers are not expected to be honest. They are going to hijack Amazon accounts and use them for the computation. The only cost for these attackers would then be an opportunity cost: would breaking the DH key be worth more than the Bitcoins they could get with the same hijacked computing power?

Another crypto downgrade attack: Logjam

Posted May 23, 2015 14:18 UTC (Sat) by ncm (guest, #165) [Link] (1 responses)

Likewise, botnets are available fairly cheaply. A million cores could do a 36000 core-years job in under two weeks, without impairing much the botnet's primary job of DDOSing or SPAM distribution.

We read of botnets being taken over and "shut down" by law enforcement, but without any independent verification. They could as easily have been repurposed for spooks' occasional convenience.

Another crypto downgrade attack: Logjam

Posted May 24, 2015 20:38 UTC (Sun) by robbe (guest, #16131) [Link]

I was specifically referring to the "academics", i.e. people who are held to some standards of ethics by their peers.

If the authors would have written "within reach of medium to large criminal organisations" I wouldn't have batted an eye. You can also replace "criminal" with "operating outside the law" if you want to include rather than imply spooks.