I am teaching cryptography this semester for the second time (I taught it in Fall 2019) and will soon tell the students about the paper from 2015:
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. There are 14 authors.
The upshot is that as Diffie-Hellman was implemented in 2015, many cases were crackable. In summary (and probably too simple):
DH in a 512-bit group can be cracked by the authors.
DH in a 1024-bit group they speculate can be cracked with nation-state resources.
Is this a big deal? If YES then what is being done, and if NOT then why not?
I have come up with some statements that I DO NOT KNOW if they are true, but I am ASKING you to shed some light on the BIG DEAL or NO BIG DEAL question. (Note: Idea for a game show: BIG DEAL or NO BIG DEAL, where contestants are asked if a news story is a BIG DEAL or not.)
So, please comment on the following questions:
1) Since 2015 the people who use DH have upped their game and are now using bigger parameters. (I doubt this is true)
2) DH is mostly not used on things that hackers are not interested in, so this is not a big deal.
3) The expertise required to crack DH via this paper is rather difficult, so hackers don't have the skills.
4) This paper is not a problem for a bad reason: Hackers don't need to use the number field sieve DL algorithm when all they need to do is (1) guess that the PIN number is 1234 or the year the user was born (or close to it), (2) put on a uniform from Geek-Squad or some such organization and claim they are here to help, (3) exploit a known security flaw that the company has not bothered fixing.
5) The 14 authors have mysteriously disappeared. (I doubt this is true.)
(Misc: My spell checker thinks that Diffie and crackable are not words, but Hellman is.)