Re: Is this a legacy problem
"2 seconds would be a long time to wait for each TLS handshake, but we could always pre-calculate keys at start-up. And, in a few years the time needed will drop to milliseconds"
As you say the weakness is in using very few built-in primes everywhere. One remediation, even without going to eliptic curves, would be frequent, say monthly, updates with new and maybe larger sets of built-in primes. According to the times given in the paper this should enable users to keep ahead of the NSA. Another would be to have servers running a background task searching for new primes so each server would be able to offer a different prime each time it was contacted.
Biting the hand that feeds IT
