For the nerds in the audience, here’s what’s wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to “crack” a particular prime, then easily break any individual connection that uses that prime.

Source: How is NSA breaking so much crypto?

[ TL;DR: An attack against Diffie-Hellman based on people using the same prime number for seeding. ]

I love the simplicity of this attack. It’s so practical.

They don’t have magic, and they didn’t break the protocols. But they do have a ton of money to throw at ONE BET, and luckily many people are crazy enough to use the same prime.

So it happens to work, for the people who are misconfigured in this particular way, for this particular protocol.

I like this so much because it’s how real hacking works, especially where the challenge level is high. It often comes down to stupidity stacked upon stupidity, combined with luck, added to copious amounts of patience and/or resources.

Then it happens, and people hear about it and assume it was some genius inventing a new type of mathematics, overnight, while wearing a hoodie.

Notes

1. This is of course assuming that the conjecture is correct, which may or may not be true.