Researchers have demonstrated the NSA’s ability to peek into trillions of encrypted connections due to a common inadequacy in cryptography. Computer scientists Nadia Heninger and J Alex Alderman have argued that a common weakness in encryption technology used regularly leaves most of the traffic vulnerable to NSA spying.

In a paper published by the scientists, it is explained that the problem arises in the application of the Diffie-Hellman key exchange, an algorithm allowing effective encrypted communication between two parties. This cryptography functions by letting the two parties swap “keys” that are run through an algorithm, which then produces a secret key known to both users, but which cannot be guessed by anyone else. The secret key is then used to encrypt all future communications and could take centuries to be directly decrypted.

At the start of this process are generated three types of keys – a public key, a private key, and a common public key which is a very long prime number. Since it is costly and time-consuming to generate new common public keys every time, it is re-used by most encryption systems. Researchers point out that two-thirds of all VPNs are encrypted by a single prime, reports The Guardian. “Nearly 20% of the top million HTTPS websites” are encrypted by a second key.

“It would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year,” write the researchers. “Based on the evidence we have, we can’t prove for certain that NSA is doing this. However, our proposed Diffie-Hellman break fits the known technical details about their large-scale decryption capabilities better than any competing explanation.”

Information leaks by Edward Snowden in 2013 revealing the NSA’s spying on Virtual Private Networks (VPN) by tapping connections and diverting data to supercomputers, had raised important questions. It was not understood what those supercomputers would have done or how a valid key would be returned by them so quickly, since a frontal attack on the VPN would take centuries, even with superfast computers. The research has once again raised concerns about the inadequacies of data security.

Contact the writer at feedback@ibtimes.com.au, or let us know what you think below