On Thu, 21 May 2015 08:52:04 +1200, Peter Reutemann wrote:
'The researchers add, "Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break." Here is their full technical report (PDF).'
It appears this prime-number-reuse issue is a separate one from “Logjam” as such; the latter is a vulnerability that allows an attacker to force the use of shorter, more easily crackable keys <https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html>. Bruce Schneier’s article has some interesting commentary on how the prime-number attack sheds new light on past hints dropped by the NSA...