. Vulnerable and . Can-precompute-for, all 512-bit groups all 768-bit groups one 1024-bit group ten 1024-bit groups HTTPS Top 1M w, 4%) 205,000 (37.1%)56%) 1, p.700000000

]. S. Bai, C. Bouvier, A. Filbois, P. Gaudry, L. Imbert et al., cado-nfs, an implementation of the number field sieve algorithm

R. Barbulescu, Algorithmes de logarithmes discrets dans les corps finis, 2013.
URL : https://hal.archives-ouvertes.fr/tel-00925228

R. Barbulescu, P. Gaudry, A. Joux, and E. Thomé, A Heuristic Quasi-Polynomial Algorithm for Discrete Logarithm in Finite Fields of Small Characteristic, Eurocrypt, 2014.
DOI : 10.1007/978-3-642-55220-5_1

URL : https://hal.archives-ouvertes.fr/hal-00835446

E. Barker, W. Barker, W. Burr, W. Polk, and M. Smid, NIST Special Publication 800-57: Recommendation for Key Management, 2007.
DOI : 10.6028/nist.sp.800-57p2

D. J. Bernstein, How to find smooth parts of integers, 2004.

B. Beurdouche, K. Bhargavan, A. Delignat-lavaud, C. Fournet, M. Kohlweiss et al., A messy state of the union, IEEE Symposium on Security and Privacy, 2015.
DOI : 10.1145/3023357

URL : https://hal.archives-ouvertes.fr/hal-01114250

C. Bouvier, P. Gaudry, L. Imbert, H. Jeljeli, and E. Thomé, New record for discrete logarithm in a prime finite field of 180 decimal digits, 2014.

R. Canetti and H. Krawczyk, Security Analysis of IKE???s Signature-Based Key-Exchange Protocol, Crypto, 2002.
DOI : 10.1007/3-540-45708-9_10

A. Commeine and I. Semaev, An Algorithm to Solve the Discrete Logarithm Problem with the Number Field Sieve, PKC, 2006. [11] D. Coppersmith. Solving linear equations over GF(2) via block Wiedemann algorithm, p.62, 1994.
DOI : 10.1007/11745853_12

R. Crandall and C. B. Pomerance, Prime Numbers: A Computational Perspective, 2001.
DOI : 10.1007/978-1-4684-9316-0

B. Boer, Diffie-Hellman is as strong as discrete log for certain primes, Crypto, 1988.

W. Diffie and M. E. Hellman, New directions in cryptography, IEEE Transactions on Information Theory, vol.22, issue.6, pp.644-654, 1976.
DOI : 10.1109/TIT.1976.1055638

Z. Durumeric, E. Wustrow, and J. A. Halderman, ZMap: Fast Internet-wide scanning and its security applications, Usenix Security, 2013.

M. Friedl, N. Provos, and W. Simpson, Diffie-Hellman group exchange for the secure shell (SSH) transport layer protocol, 2006.
DOI : 10.17487/rfc4419

W. Geiselmann, H. Kopfer, R. Steinwandt, and E. Tromer, Improved routing-based linear algebra for the number field sieve, International Conference on Information Technology: Coding and Computing (ITCC'05), Volume II, 2005.
DOI : 10.1109/ITCC.2005.173

W. Geiselmann and R. Steinwandt, Non-wafer-Scale Sieving Hardware for the NFS: Another Attempt to Cope with 1024-Bit, Eurocrypt, 2007.
DOI : 10.1007/978-3-540-72540-4_27

D. Gillmor, Negotiated finite field Diffie-Hellman ephemeral parameters for TLS, IETF Internet Draft, 2015.

D. M. Gordon, Designing and Detecting Trapdoors for Discrete Log Cryptosystems, Crypto, 1992.
DOI : 10.1007/3-540-48071-4_5

D. M. Gordon, Discrete Logarithms in $GF ( P )$ Using the Number Field Sieve, SIAM Journal on Discrete Mathematics, vol.6, issue.1, 1993.
DOI : 10.1137/0406010

D. Harkins and D. Carrel, The Internet key exchange (IKE). RFC 2409, 1998.

T. Jager, K. G. Paterson, and J. Somorovsky, One bad apple: Backwards compatibility attacks on state-of-the-art cryptography, NDSS, 2013.

A. Joux and R. Lercier, Improvements to the general number field sieve for discrete logarithms in prime fields. A comparison with the gaussian integer method, Mathematics of Computation, vol.72, issue.242, pp.953-967, 2003.
DOI : 10.1090/S0025-5718-02-01482-5

URL : https://hal.archives-ouvertes.fr/hal-01102016

S. Kent, IP authentication header, RFC, vol.4302, 2005.
DOI : 10.17487/rfc4302

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

S. Kent, IP encapsulating security payload (ESP). RFC 4303, 2005.
DOI : 10.17487/rfc4303

URL : http://citeseerx.ist.psu.edu/viewdoc/summary?doi=

T. Kleinjung, Cofactorisation strategies for the number field sieve and an estimate for the sieving step for factoring 1024 bit integers, 2006.

T. Kleinjung, K. Aoki, J. Franke, A. K. Lenstra, E. Thomé et al., Factorization of a 768-Bit RSA Modulus, Crypto, 2010.
DOI : 10.1007/978-3-642-14623-7_18

URL : https://hal.archives-ouvertes.fr/inria-00444693

A. Langley, N. Modadugu, and B. Moeller, Transport layer security (TLS) false start, IETF Internet Draft, 2010.
DOI : 10.17487/RFC7918

M. Lipacis, Semiconductors: Moore stress = structural industry shift, 2012.

U. M. Maurer, Towards the Equivalence of Breaking the Diffie-Hellman Protocol and Computing Discrete Logarithms, Crypto, 1994.
DOI : 10.1007/3-540-48658-5_26

U. M. Maurer and S. Wolf, Diffie-Hellman Oracles, Crypto, 1996.
DOI : 10.1007/3-540-68697-5_21

N. Mavrogiannopoulos, F. Vercauteren, V. Velichkov, and B. Preneel, A cross-protocol attack on the TLS protocol, Proceedings of the 2012 ACM conference on Computer and communications security, CCS '12, pp.62-72, 2012.
DOI : 10.1145/2382196.2382206

C. Meadows, Analysis of the Internet Key Exchange protocol using the NRL Protocol Analyzer, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344), 1999.
DOI : 10.1109/SECPRI.1999.766916

H. Orman, The Oakley key determination protocol. RFC 2412, 1998.

S. C. Pohlig and M. E. Hellman, An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (corresp.), Trans. Inform. Theory, vol.24, issue.1, 1978.

J. M. Pollard, A monte carlo method for factorization, BIT, vol.29, issue.129, pp.331-334, 1975.
DOI : 10.1007/BF01933667

O. Schirokauer, Virtual logarithms, Journal of Algorithms, vol.57, issue.2, pp.140-147, 2005.
DOI : 10.1016/j.jalgor.2004.11.004

I. A. Semaev, Special prime numbers and discrete logs in finite prime fields, Mathematics of Computation, vol.71, issue.237, pp.363-377, 2002.
DOI : 10.1090/S0025-5718-00-01308-9

D. Shanks, Class number, a theory of factorization, and genera, Proc. Sympos. Pure Math, 1971.
DOI : 10.1090/pspum/020/0316385

S. Staff, Prying eyes: Inside the NSA's war on Internet security Der Spiegel, 2014.

W. Stein, Version 6.5) The Sage Development Team, Sage Mathematics Software, 2012.

E. Thomé, Subquadratic Computation of Vector Generating Polynomials and Improvement of the Block Wiedemann Algorithm, Journal of Symbolic Computation, vol.33, issue.5, pp.757-775, 2002.
DOI : 10.1006/jsco.2002.0533

P. C. Van-oorschot and M. J. Wiener, Parallel collision search with application to hash functions and discrete logarithms, Proceedings of the 2nd ACM Conference on Computer and communications security , CCS '94, 1994.
DOI : 10.1145/191177.191231

P. C. Van-oorschot and M. J. Wiener, On Diffie-Hellman Key Agreement with Short Exponents, Eurocrypt, 1996.
DOI : 10.1007/3-540-68339-9_29

D. Wagner and B. Schneier, Analysis of the SSL 3.0 protocol, 2nd Usenix Workshop on Electronic Commerce, 1996.

J. Wagnon, SSL profiles part 5: SSL options, 2013. https:// devcentral.f5.com/articles/ssl-profiles-part-5-ssl-options

L. Wikiinfo, Media leak

P. Wikiinfo, Media leak

V. Wikiinfo, Media leak

. Vpn-sigdev-basics, Media leak