Most Tor Keys May Be Vulnerable To NSA Cracking

Ars Technica reports that security researcher Rob Graham of Errata Security, after analyzing nearly 23,000 Tor connections through an exit node that Graham controls, believes that the encryption used by a majority of Tor users could be vulnerable to NSA decryption: "About 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key," rather than stronger elliptic curve encryption. More from the article: "'Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys,' Graham wrote in a blog post published Friday. 'Assuming no "breakthroughs," the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.' He went on to cite official Tor statistics to observe that only 10 percent of Tor servers are using version 2.4 of the software. That's the only Tor release that implements elliptical curve Diffie-Hellman crypto, which cryptographers believe is much harder to break. The remaining versions use keys that are presumed to be weaker."

Guess who is funding Tor?

[hypnosec]

According to consolidated financial statements and reports of the Tor Project for the year ending December 2012, US Federal agencies are responsible for nearly sixty percent of funds received by the project. Tor has taken a defensive stand against this, but who knows?

Re:a few hours for one key would be good

[girlintraining]

If that speculation is right, that a billion dollars will buy hardware that takes a few hours to break one key, great. That would mean nobody is going to break MY key, and that al Qaeda's keys were broken soon after they started using them. Works for me.

I think you're looking at this backwards; They won't spend any money to break your key because you're worth zero dollars. What could you possibly be doing that would warrant the NSA's interest? You need to understand the organization; They primarily do signals intelligence, and they operate in a support role to other agencies, principally the CIA, FBI, and DHS.

The NSA simply logs the data and holds on to it until and unless something happens that makes analyzing that data a priority. They may record all cell phone calls, but they don't listen to them all. They may record all internet traffic, but they don't review all of it. In order for them to expend resources, there needs to be a reason. You could be using '1 bit' encryption and it would be as interesting to them as '1 million bit' encryption.

In security, your defenses need to be harder to break than the value of the thing being protected. Although Tor's encryption may be insufficient against a government, it is plenty strong for most everyday uses -- getting around corporate proxies, location-locked services (like shows the BBC offers, Netflix, etc.), and for proxying to Facebook. Yes, I use Tor to connect to Facebook... because I don't want them knowing where I am, and my IP address provides a wealth of marketing information to them. I also don't use my real name, but really, the main reason is just to piss in their data collection cheerios, not because I'm doing it to be 'anonymous' or 'super secure'. And this is what most people use Tor for; along with browsing bittorrent sites (though downloading is still direct...), and other things that they may feel uncomfortable with having a readily-accessible record of at their ISP's office (gay porn anyone?).

The NSA cares not for these activities. It's logged all the same, but until they say that, say, "the alias raymorris on slashdot indicated he may be in possession of classified materials" all that data just sits on a harddrive somewhere, waiting to expire. The NSA just waits for the phone call.

That said, a few hours to break one key is pretty petty for accessing your internet traffic or mine, but if Al Quaeda has a hidden service inside Tor they're using to communicate with, a secret website if you will... now those few hours' worth of electricity seem very, very worth it.

You've gotta understand that security is not an absolute; There is no "secure" versus "insecure". There is only no security, and then varying degrees of more security; And good security is when it costs more to break it than the value of the thing being protected. Great security is when that's true and the computer functions the way you expect.