In a message I got through Glyn Moody, Mikko Hypponen noticed this claim from German intelligence agencies:
„Ist die eingesetzte Technik auch in der Lage, verschlüsselte Kommunikation (etwa per SSH oder PGP) zumindest teilweise zu entschlüsseln und/oder auszuwerten?“
„Ja, die eingesetzte Technik ist grundsätzlich hierzu in der Lage, je nach Art und Qualität der Verschlüsselung“
My rough translation of these sentences of the article he linked:
„Are the current techniques capable of at least partially deciphering encrypted communications such as SSH or PGP?“
„Yes, the current techniques are basically capable of that, depending on the type and quality of the encryption“
Of course, the weakness of weak keys is not exactly news… But it is always interesting when major threats brag about it openly – so this is nevertheless a pretty good refresher to remind users to choose the most current algorithms at a decent key length and to expire old keys in due time.
It is also a reminder that today’s cyphers will be broken tomorrow: encryption is ephemeral protection… Secret communications require forward secrecy & anonymity – for example, XMPP chat may use a server available as a Tor hidden service, with the clients using Off The Record messaging.
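As an added illustration of the key-hygiene advice above (not code from the original post): a small Python audit over `gpg --list-keys --with-colons` output that flags short keys, keys without an expiry date and expired keys. The 3072-bit threshold and the sample key records are assumptions constructed for this example.

```python
from datetime import datetime, timezone

# Assumed policy threshold (not from the post); set it to your own standard.
MIN_BITS = 3072
# OpenPGP public-key algorithm IDs whose strength depends on key size.
SIZED_ALGOS = {"1": "RSA", "2": "RSA", "3": "RSA", "16": "Elgamal", "17": "DSA"}

# Constructed sample of `gpg --list-keys --with-colons` output (fake key IDs).
# Fields used: 1=record type, 3=key length, 4=algorithm, 5=key ID, 7=expiry.
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAAA:1104537600:::u:::scESC:
uid:u::::1104537600::0000::Old Key <old@example.org>:
pub:u:4096:1:BBBBBBBBBBBBBBBB:1577836800:1735689600::u:::scESC:
sub:u:2048:1:BBBBBBBBBBBBBBB2:1577836800:1735689600:::::e:
pub:u:255:22:CCCCCCCCCCCCCCCC:1704067200:1893456000::u:::scESC:
"""


def audit(colon_text, now=None):
    """Return {key_id: [findings]} for pub/sub records that break the policy."""
    now = now or datetime.now(timezone.utc)
    report = {}
    for line in colon_text.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 7:
            continue  # skip uid, fpr and other record types
        bits, algo, key_id, expires = f[2], f[3], f[4], f[6]
        findings = []
        if algo in SIZED_ALGOS and bits.isdigit() and int(bits) < MIN_BITS:
            findings.append(f"{SIZED_ALGOS[algo]} {bits} bits < {MIN_BITS}")
        if not expires:
            findings.append("no expiry date set")
        # Assumes expiry is given as seconds since the epoch.
        elif expires.isdigit() and datetime.fromtimestamp(int(expires), timezone.utc) <= now:
            findings.append("expired")
        if findings:
            report[key_id] = findings
    return report


if __name__ == "__main__":
    for key_id, findings in audit(SAMPLE).items():
        print(key_id, "; ".join(findings))
```

To audit a real keyring, pass the text produced by `gpg --list-keys --with-colons` to `audit()` in place of `SAMPLE`.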