Diffie-Hellman vulnerability
2015-10-15 19:46:53.152298+02 by Dan Lyke 0 comments
How is NSA breaking so much crypto? (Alex Halderman and Nadia Heninger, Freedom to Tinker)
For the nerds in the audience, here's what's wrong: If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason why everyone couldn't just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes. But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to crack a particular prime, then easily break any individual connection that uses that prime.
Apparently breaking one particular 1024-bit prime gets you passive decryption of 2/3 of VPNs and 1/4 of all SSH servers, and breaking a second one gets you nearly 1/5 of the top million HTTPS sites.
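Here is an added example (mine, not code from the paper or the linked post) that reproduces the cost structure the quoted paragraph describes in runnable Python. Everything in it is constructed for illustration: a roughly 20-bit safe prime stands in for a 1024-bit one, and the attack is plain index calculus rather than the number field sieve the real work uses. The split is the same, though: one expensive step that depends only on the group (p, g) and learns the discrete logs of a small "factor base", then a cheap per-connection step that turns an observed public value into the session secret by reusing that table. A passive eavesdropper who sees only p, g, A = g^a and B = g^b recovers a and therefore the shared secret for every exchange that reuses the group.

```python
"""Toy index-calculus attack with the Logjam cost structure: one expensive
precomputation per (p, g), then a cheap discrete log per observed connection.
Added example for this post, not code from the paper or the linked blog post.
Real attacks use the number field sieve on 1024-bit primes; here p is ~20 bits
so the whole thing runs in seconds, and every parameter below is constructed."""
import random
from math import isqrt


def is_prime(n):
    """Trial division; fine for the ~20-bit values used in this toy."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    return all(n % d for d in range(3, isqrt(n) + 1, 2))


def find_safe_prime(start):
    """Smallest safe prime p = 2q + 1 with prime q >= start (p - 1 has only the factors 2 and q)."""
    q = start
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 1
    return 2 * q + 1


def generator(p):
    """Smallest generator of Z_p^* for a safe prime p: an element not of order 1, 2 or q."""
    q = (p - 1) // 2
    return next(g for g in range(2, p) if pow(g, 2, p) != 1 and pow(g, q, p) != 1)


def smooth_exponents(n, base):
    """Exponent vector of n over the factor base, or None if n has a factor outside it."""
    exps = []
    for b in base:
        e = 0
        while n % b == 0:
            n //= b
            e += 1
        exps.append(e)
    return exps if n == 1 else None


def solve_mod_prime(rows, q):
    """Gauss-Jordan elimination over GF(q); rows are (coefficients, rhs).
    Returns the unique solution, or None while the system is still rank-deficient."""
    n = len(rows[0][0])
    m = [[x % q for x in coeffs] + [rhs % q] for coeffs, rhs in rows]
    for col in range(n):
        piv = next((r for r in range(col, len(m)) if m[r][col]), None)
        if piv is None:
            return None
        m[col], m[piv] = m[piv], m[col]
        inv = pow(m[col][col], -1, q)
        m[col] = [(x * inv) % q for x in m[col]]
        for r in range(len(m)):
            if r != col and m[r][col]:
                f = m[r][col]
                m[r] = [(a - f * b) % q for a, b in zip(m[r], m[col])]
    return [m[i][n] for i in range(n)]


def precompute(p, g, base, rng):
    """Expensive step, depends only on (p, g): learn log_g of every factor-base prime.
    Returns (logs, number of random exponents tried)."""
    q = (p - 1) // 2
    # log_g(b) mod 2 is free: g^x is a quadratic residue iff x is even (Euler's criterion).
    parity = [0 if pow(b, q, p) == 1 else 1 for b in base]
    rows, trials, sol = [], 0, None
    while sol is None:
        trials += 1
        k = rng.randrange(1, p - 1)
        e = smooth_exponents(pow(g, k, p), base)
        if e is None:
            continue
        rows.append((e, k))  # relation: sum(e_i * log_g(b_i)) == k  (mod p - 1)
        if len(rows) >= len(base) + 5:
            sol = solve_mod_prime(rows, q)  # solve the relations mod q
    # Lift each log from mod q to mod p - 1 = 2q using its known parity (CRT).
    logs = [lq if lq % 2 == par else lq + q for lq, par in zip(sol, parity)]
    return logs, trials


def individual_log(y, p, g, base, logs, rng):
    """Cheap per-target step: randomise y until y * g^k is smooth, then read
    log_g(y) off the precomputed table. Returns (log, number of tries)."""
    trials = 0
    while True:
        trials += 1
        k = rng.randrange(0, p - 1)
        e = smooth_exponents(y * pow(g, k, p) % p, base)
        if e is not None:
            return (sum(ei * li for ei, li in zip(e, logs)) - k) % (p - 1), trials


def demo(seed=1, connections=5):
    """Passive attacker: precompute once for the shared group, then recover the
    shared secret of several independent DH exchanges that all reuse it."""
    rng = random.Random(seed)
    p = find_safe_prime(1 << 19)  # ~20-bit safe prime standing in for a hard-coded 1024-bit one
    g = generator(p)
    base = [n for n in range(2, 100) if is_prime(n)]
    logs, pre_trials = precompute(p, g, base, rng)
    assert all(pow(g, L, p) == b for L, b in zip(logs, base))
    per_conn = []
    for _ in range(connections):
        a, b = rng.randrange(2, p - 1), rng.randrange(2, p - 1)  # client and server secrets
        A, B = pow(g, a, p), pow(g, b, p)  # the only values the eavesdropper sees
        shared = pow(B, a, p)
        a_rec, t = individual_log(A, p, g, base, logs, rng)  # recover the client's secret
        assert pow(B, a_rec, p) == shared  # and with it the session key
        per_conn.append(t)
    return {"p": p, "precompute_trials": pre_trials, "per_connection_trials": per_conn}


if __name__ == "__main__":
    print(demo())
```

The returned counts make the point: the precomputation burns thousands of random exponents and a linear-algebra step, while each individual connection needs only a couple of dozen. That is also why the fixes the paper recommends work: a group unique to one deployment forces the attacker back to the expensive step per target, 2048-bit and larger primes push that step out of reach, and elliptic-curve Diffie-Hellman has no known precomputation shortcut of this kind at all.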
The paper is Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (PDF); I have not dug in further.