Most Tor Keys May Be Vulnerable To NSA Cracking
Ars Technica reports that security researcher Rob Graham of Errata Security, after analyzing nearly 23,000 Tor connections through an exit node that Graham controls, believes that the encryption used by a majority of Tor users could be vulnerable to NSA decryption: "About 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key," rather than stronger elliptic curve encryption. More from the article: "'Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys,' Graham wrote in a blog post published Friday. 'Assuming no "breakthroughs," the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.' He went on to cite official Tor statistics to observe that only 10 percent of Tor servers are using version 2.4 of the software. That's the only Tor release that implements elliptical curve Diffie-Hellman crypto, which cryptographers believe is much harder to break. The remaining versions use keys that are presumed to be weaker."
a billion dollars... (Score:2)
for how many chips?
Re: (Score:2)
Probably a LOT - silicon is cheap when you mass produce it, and while they may be custom, they are probably fairly trivial to design (either individually pretty small or easy to duplicate the core many times in one chip).
They're probably already cracking DES keys in minutes...
Getting tired here (Score:3, Insightful)
The more I read of Slashdot (and to an extent Ars Technica), the less I want to continue reading. All it is these days is NSA, NSA, NSA. It's too damn depressing and what's worse, it's one of those situations where it's
(a) an intangible threat (you will probably never suffer directly because of what they're doing, but it still feels wrong)
(b) related to (a), it's something that the wider public doesn't know about and would be hard-pressed to convince is a threat without sounding like a looney
(c) cannot be overcome (moving to Linux for example doesn't change much if the network can still be tapped, and evidently TOR is now compromised), short of abandoning technology and reverting to primitive technology for, again, a hypothetical threat that will probably not ever affect us DIRECTLY, but still something we know shouldn't be happening.
I just want to read about science and technology, interesting shit. Seems impossible to do that anymore since clearly NSA stuff rates rather highly.
TL:DR - what's the point of knowing how evil things are if tangible, WIDESPREAD changes aren't going to happen due to our lack of power? You just become miserable, while everyone else is (relatively) happy because they don't know. There's a reason ignorance is bliss is a saying.
Re: (Score:2)
Nobody is forcing you to read the articles. You're welcome to stick your head in the sand or cover it with a towel at any time.
Re: (Score:2)
"Cry for help?"
I didn't see any "cry for help", just someone whining about the quality of the stories on slashdot.
Again.
Re:Getting tired here (Score:5, Insightful)
I think their point is that Slashdot (and presumably most tech sites at the time) focused more on tech, developments, hard science and whatnot. Now it's basically more about the politics that goes on in tech, such as data mining, surveillance and patent wars. Sure, the stuff being talked about is serious and worth covering, but it dominates coverage these days and the balance doesn't seem to be there anymore.
Also, if you are a fan of a site, you SHOULD piss and moan about the quality of the articles and discussion. The only reason you'd bother is if it was once great and has devolved, and you're not pleased by it. There seems to be this impression that making noise and complaints about something is a BAD thing. No wonder things are getting worse.
Re:Getting tired here (Score:4, Interesting)
Hackers can't afford to be apolitical anymore. It's what brought us to the current situation.
Re:Getting tired here (Score:5, Insightful)
I'm going to take a stab at empowering you.
We're in a long term fight for human freedom. Long term means you may have to influence people now who can just possibly help us, or at least you, ten or twenty years down the road. Pick people who are running for minor or local offices, and need a little help, whether it's contributions or getting out the vote or going door to door. You don't have to spend a fortune or put in fifty hours a week on top of your day job to be remembered as one of those people who helped congressman X get his start in politics.
Write letters - you'd be surprised how many seemingly major pieces of legislation draw two or three letters as they are up for debate, and how getting letters from as few as 10 or 20 people may make a congressman suddenly vote the way he now thinks the vast majority of his constituents want him to vote. Senators and Representatives may see 10,000 e-signatures on a stock electronic petition, but don't usually see even 10 actual letters. A letter thanking them for having done the right thing after it's over is even rarer.
Focus on the persons who seem like they have a good chance of making it to higher office eventually. Find out what a Farley file is, and make sure you end up in a few, in a positive way. Work on your spelling and grammar - An eloquent nutcase may be able to pass as a mainstream voter, but a mainstream voter who writes in all caps and spews sentence fragments, can definitely say something eminently sensible and still be labeled a nutcase.
Here's a link for Farley Files. Politicians who make it to high office just about invariably use these, so it's always helpful to know about them. Learning to watch for signs a candidate uses the system is a way of spotting the ones who will go high enough they may someday be able to address issues like the NSA programs. It's also useful to consider in judging what a politician truly considers important rather than what he says in prepared speeches - that is, if he or she is using a file, what do they focus on.
http://en.wikipedia.org/wiki/Farley_file
Re:Getting tired here (Score:5, Insightful)
So every new story adds to work mentioned in the past. In 30 years this would have been amazing news.
Getting all this crypto and telco news now is going to allow some very creative people to release some new software and hardware.
Re:Getting tired here (Score:5, Insightful)
I just want to read about science and technology, interesting shit.
I feel your pain, but unfortunately, if the NSA/intelligence complex truly can not be reined in (and I'm not optimistic that it can be), I think you're looking at the dark ages for any science or tech that doesn't serve their purposes.
Someone posted the following citation at the New York Times yesterday, which really struck a nerve with me:
"The man who is compelled to live every minute of his life among others and whose every need, thought, desire, fancy or gratification is subject to public scrutiny, has been deprived of his individuality and human dignity. Such an individual merges with the mass. His opinions, being public, tend never to be different; his aspirations, being known, tend always to be conventionally accepted ones; his feelings, being openly exhibited, tend to lose their quality of unique personal warmth and to become the feelings of every man. Such a being, although sentient, is fungible; he is not an individual." Bloustein, Privacy as an Aspect of Human Dignity: An Answer to Dean Prosser, 39 N. Y. U. L. Rev. 962, 1003 (1964).
Don't think for one second that this is an intangible threat. The people who blissfully ignore or accept it are exactly the people who won't be doing the paradigm shifting science or creating disruptive technologies. The people who would do those things are stuck with the same choice you state: acknowledge a really sucky situation and face being miserable, or ignore it as 'intangible' and go about their day, and just focus on uncontroversial science and tech that won't get them in any trouble. Can that possibly be a good thing?
Translation: Don't scare me! (Score:3)
Allow me to rest my hand in the sand and then complain like a bitch when I am run over by a lorry. Because someone else should have been saving the world while I looked the other way.
Re: (Score:2)
You don't need to use hyperbole. There's a lot of good in the world, but there's also a lot of bad. News sites have a predisposition to continually pump bad news, even though the NSA stuff is only one element in what's happening in the world. If people get their fix on tech news from sites such as Slashdot, and said sites fixate on all the shit that's happening, then of course people are going to become miserable. Because there's basically nothing we can do to stop it. We have no power.
If you're arguing tha
Re: (Score:3)
Re: (Score:3)
Re: (Score:3)
All it is these days is NSA, NSA, NSA.
I count 22 stories today (friday). At most 4 are NSA, and that's stretching it (epic browser isn't more about commercial trackers than government and Iran/Syria interception is only speculatively nsa). So ~15% NSA stories really isn't that overwhelming.
Re: (Score:2)
Go here:
http://science.slashdot.org/
Re: (Score:2)
All it is these days is NSA, NSA, NSA.
You have a uid of >3,000,000 and you are complaining about "these days" as though you have been here a long time. Just go back to wherever you came from, a week or so ago.
Re: (Score:2)
Re: (Score:2)
This is a wonderful time for many people interested in tech, something beyond the consumer grade new product ad/news/cult.
a few hours for one key would be good (Score:5, Interesting)
If that speculation is right, that a billion dollars will buy hardware that takes a few hours to break one key, great. That would mean nobody is going to break MY key, and that al Qaeda's keys were broken soon after they started using them. Works for me.
Re:a few hours for one key would be good (Score:5, Interesting)
If that speculation is right, that a billion dollars will buy hardware that takes a few hours to break one key, great. That would mean nobody is going to break MY key, and that al Qaeda's keys were broken soon after they started using them. Works for me.
I think you're looking at this backwards; They won't spend any money to break your key because you're worth zero dollars. What could you possibly be doing that would warrant the NSA's interest? You need to understand the organization; They primarily do signals intelligence, and they operate in a support role to other agencies, principally the CIA, FBI, and DHS.
The NSA simply logs the data and holds on to it until and unless something happens that makes analyzing that data a priority. They may record all cell phone calls, but they don't listen to them all. They may record all internet traffic, but they don't review all of it. In order for them to expend resources, there needs to be a reason. You could be using '1 bit' encryption and it would be as interesting to them as '1 million bit' encryption.
In security, your defenses need to be harder to break than the value of the thing being protected. Although Tor's encryption may be insufficient against a government, it is plenty strong for most everyday uses -- getting around corporate proxies, location-locked services (like shows the BBC offers, Netflix, etc.), and for proxying to Facebook. Yes, I use Tor to connect to Facebook... because I don't want them knowing where I am, and my IP address provides a wealth of marketing information to them. I also don't use my real name, but really, the main reason is just to piss in their data collection cheerios, not because I'm doing it to be 'anonymous' or 'super secure'. And this is what most people use Tor for; along with browsing bittorrent sites (though downloading is still direct...), and other things that they may feel uncomfortable with having a readily-accessible record of at their ISP's office (gay porn anyone?).
The NSA cares not for these activities. It's logged all the same, but until they say that, say, "the alias raymorris on slashdot indicated he may be in possession of classified materials" all that data just sits on a harddrive somewhere, waiting to expire. The NSA just waits for the phone call.
That said, a few hours to break one key is pretty petty for accessing your internet traffic or mine, but if Al Qaeda has a hidden service inside Tor they're using to communicate with, a secret website if you will... now those few hours' worth of electricity seem very, very worth it.
You've gotta understand that security is not an absolute; There is no "secure" versus "insecure". There is only no security, and then varying degrees of more security; And good security is when it costs more to break it than the value of the thing being protected. Great security is when that's true and the computer functions the way you expect.
that's my point (Score:3)
That's my point. They won't spend any money tracking me. Well, not more than about $10-$50, since I'm pretty sure I'm on a list or two. They WILL spend money tracking whoever appears to be the next bin Laden. Cool. I'd like them to be able to track bin Laden, while it's not anywhere near worth it to track me.
If I were using "1 bit encryption" they WOULD break it. The proof of that is that they DO track people who use 0 bit (plain email, phone). That's bad. I prefer that everyone use encryption enough
Re: (Score:2)
They WILL spend money tracking whoever appears to be the next bin Laden.
Or the next presidential candidate promising to cut their budget.
Re: (Score:2)
The NSA simply logs the data and holds on to it until and unless something happens that makes analyzing that data a priority.
This is why it's important that web servers enable ECDHE key agreement, which provides forward secrecy. Basically, the only way to penetrate it is to mount a man-in-the-middle attack in real time. Recovering the server's private key later does not provide the ability to decrypt stored traffic.
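The property described in the comment above, as an added example that is not part of the original thread: the same recorded-traffic-plus-leaked-key procedure is run against a static key-transport session and an ephemeral Diffie-Hellman session. Finite-field DH stands in for ECDHE here, and the toy RSA key, the 127-bit group, the XOR stream cipher and every function name are constructed for illustration and far too small for real use.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
RSA_P, RSA_Q = 2**61 - 1, 2**89 - 1                # two Mersenne primes
RSA_N, RSA_E = RSA_P * RSA_Q, 65537                # server's long-term public key
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))  # server's long-term private key
DH_P, DH_G = 2**127 - 1, 3                         # toy finite-field DH group
MARKER = b"GET "                                   # known prefix that reveals a correct key


def kdf(secret: int) -> bytes:
    """Derive a 32-byte session key from an integer secret."""
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR the data with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def pub_digest(server_pub: int) -> int:
    """Hash of the server's ephemeral DH value, reduced for toy RSA signing."""
    return int.from_bytes(hashlib.sha256(str(server_pub).encode()).digest(), "big") % RSA_N


def static_session(message: bytes) -> dict:
    """Key transport: the session secret travels encrypted to the long-term key."""
    premaster = secrets.randbits(128)
    return {
        "enc_premaster": pow(premaster, RSA_E, RSA_N),
        "ciphertext": xor_stream(kdf(premaster), message),
    }


def ephemeral_session(message: bytes) -> dict:
    """Ephemeral DH: the long-term key only signs; the secrets a and b never leave."""
    a = secrets.randbelow(DH_P - 3) + 2            # client's one-time secret
    b = secrets.randbelow(DH_P - 3) + 2            # server's one-time secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    signature = pow(pub_digest(server_pub), RSA_D, RSA_N)
    client_key = kdf(pow(server_pub, a, DH_P))
    server_key = kdf(pow(client_pub, b, DH_P))
    assert client_key == server_key                # both ends agree on the key
    del a, b                                       # discarded once the session is set up
    return {
        "client_pub": client_pub,
        "server_pub": server_pub,
        "signature": signature,
        "ciphertext": xor_stream(client_key, message),
    }


def signature_valid(transcript: dict) -> bool:
    """Anyone can check the server's signature with the long-term public key."""
    return pow(transcript["signature"], RSA_E, RSA_N) == pub_digest(transcript["server_pub"])


def decrypt_recorded(transcript: dict, leaked_d: int):
    """Apply a later-leaked long-term private key to every recorded handshake value."""
    for value in transcript.values():
        if not isinstance(value, int):
            continue
        candidate = pow(value, leaked_d, RSA_N)    # RSA private-key operation
        plaintext = xor_stream(kdf(candidate), transcript["ciphertext"])
        if plaintext.startswith(MARKER):
            return plaintext
    return None                                    # no recorded value unlocks the session


if __name__ == "__main__":
    msg = b"GET /constructed-sample HTTP/1.1"      # constructed sample traffic
    print("static   :", decrypt_recorded(static_session(msg), RSA_D))
    print("ephemeral:", decrypt_recorded(ephemeral_session(msg), RSA_D))
```

In the ephemeral case the session key depends on a one-time secret that was never transmitted, so the only offline route left is solving the discrete logarithm in the chosen group, which is why the group size still matters.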
Re: (Score:3)
Re: (Score:3)
You missed the point: the NSA likely has the capacity to break systems which SHOULD provide forward secrecy, as long as the key size is sufficiently small, for example 1024-bit Diffie-Hellman.
No, you missed the point. It is, perhaps, a subtle point, because the meaning of "forward secrecy" isn't obvious. Let me explain.
Having the ability (assuming they do) to crack 1024-bit keys does not give them the ability to read very much of the world's traffic because even if they can crack each key in a few hours, there are way too many keys. girlintraining said that they address this by capturing and storing all of the encrypted traffic so that at some later point in time when they realize they need to
Re:a few hours for one key would be good (Score:5, Insightful)
I disagree with your assertion that since you're not a terrorist, the NSA has no interest in you and/or what you do. Law enforcement tools are always used to their fullest extent. I mean, it makes sense; law enforcement is a bit hamstrung by rights guaranteed under the constitution - they will use whatever tool is at their disposal to get their job done.
Whether or not you were investigated when the system was new is irrelevant to what law enforcement has started (or will start) using these systems. Also, to obtain a FISA warrant for an investigation related to terrorism is quite trivial and open to interpretation. Any evidence discovered of other crimes in that warrant is usable in court. I have seen it first-hand while sitting on a federal jury last summer. A US khat-selling ring's sending money overseas was investigated by DHS due to concerns about possibly funding terrorism. It wasn't, but the multi-million dollar investigation had to net something - so I sat on a jury for 5 weeks and sifted through mountains of wiretap transcripts so the federal government could incarcerate a bunch of taxi cab drivers who wanted to chew some khat so they could work a little later and make a little bit more money.
I hate to be the slippery slope guy...but this is typical. It's only a matter of time until these law enforcement tools are used on a wholesale basis (if they aren't being already). After reading about the extremes that the Soviets would go to under Stalin (if you were being investigated, you must be guilty of something), I feel like I have a fair understanding for how far things can go. I'm not suggesting that America is going that way...but why give her the chance, especially when we can do something now? Why not start setting some limits on this stuff? I think that the risks of what's going on outweigh the benefits. Is it unreasonable to do an honest analysis of the real risks of terrorism against the security measures that our government is putting in place?
Re:a few hours for one key would be good (Score:5, Insightful)
I disagree with your assertion that since you're not a terrorist, the NSA has no interest in you and/or what you do. Law enforcement tools are always used to their fullest extent.
National security agencies will use their tools not only against criminals, but against their political enemies who are engaging in Constitutionally-protected activities. For example, J. Edgar Hoover used to tap Martin Luther King's telephones, and then spread personal information about King's sex life to try to harm the integration movement.
Or a recent example. Eliot Spitzer was the Democratic governor of New York, and he was an effective governor who was aggressive about shaking things up. Banks have to report every transaction by every customer of $10,000 or over to federal authorities, and every transaction under $10,000 that looks "suspicious." So the feds get this huge flow of reports. One of the reports was on Spitzer. They investigated and found out as the result of this fishing expedition that he had used an escort service, which was probably legal and almost never prosecuted. Nonetheless, the Republican Attorney General decided to prosecute Spitzer for this, and leaked his name to the press. The Republican AG offered Spitzer a "deal" -- if the effective Democratic governor resigned, the Republican AG wouldn't prosecute him. Spitzer resigned, and was replaced by David Patterson, who didn't want the job and nobody, including Patterson, thought was qualified.
So there you have a partisan use of confidential information that a federal agency got through its financial monitoring process, that a Republican AG used to get rid of an effective Democratic governor.
The more electronic monitoring we have, the more it will be used improperly by politicians to damage their enemies.
Re: (Score:2)
Is it unreasonable to do an honest analysis of the real risks of terrorism against the security measures that our government is putting in place?
No, it's damned reasonable. So reasonable the president himself was saying we need an evaluation of what's happening.
He, however, was unwilling to provide any detail, leaving that sort of discussion relegated to the paranoid, and the people probably selling, buying or using this info-arsenal (think that's as good of term as any).
Snowden helped out there, and overall I think his revelations helped America more than they harmed.
Obama had no clue how open of a discussion would be going on.
Re: (Score:2)
The real trick is what gets you noticed... the web 2.0 'jokes' seem to point to not much at a federal, state or city level.
vs a book on a political dynasty or a history of cryptography with new interviews on wars of the past 10~20 years...
The fact that random posts are found so fast seems to point to some very robust, cheap and quality code in constant use below the federal level.
Re: (Score:2)
It would be kind of OK if that was true.
But you are wrong, because they don't have the resources to keep ALL that traffic data. They get a LOT of traffic data.
In at least the UK they got a copy of all traffic going through a bunch of undersea cables and Germany they basically get a port-mirror from certain transit providers.
So they have a computer to look at the data to find 'interesting' stuff.
Then they store it for up to a couple of weeks. Until a request comes in for some information and a human queries
Re: (Score:2)
There is a problem with your, urm, political philosophy: If the government is even a tiny bit short of being perfectly rational and fair, the net effect of all that desire to store information from absolutely all communications will become monstrous. Before long, it will resemble a kind of absolute power and so will attract the most corrupt.
No, the NSA can't afford to 'go after' everyone at the same time. But like some perfect archetype of the fishing expedition, they can go after anyone at any given time.
You've gotta understand that security is not an absolute;
Th
Re:a few hours for one key would be good (Score:5, Informative)
This is not an hypothetical case. In my last job we were in direct competition with IBM and were exchanging crucial pricing information through email. There have been precedents of ECHELON being used to gain economic intelligence (google "echelon airbus boeing" to learn about that)
Re:a few hours for one key would be good (Score:5, Interesting)
This is not an hypothetical case. In my last job we were in direct competition with IBM and were exchanging crucial pricing information through email. There have been precedents of ECHELON being used to gain economic intelligence (google "echelon airbus boeing" to learn about that)
Oh please. Every government engages in industrial espionage. The French are so well known for it that CEOs for pharmaceuticals that check-in to local hotels are told not to use the fax machine or internet there, and to keep their laptops in their room, and to bring their own locks to secure it and not use the hotel safe or in-room safe as the cleaning crew often isn't the usual maid service. I mean, this is SOP. Not that I'm picking on the French -- they're only guilty of being particularly bad at doing it covertly, but everyone does it.
One does not need ECHELON to spy on a company. Hell, showing up to replace a printer in slacks and an official-looking work order is usually enough to get into a building... and having a rigged printer that records all the jobs sent to it is a nice opener. Following up with a power strip with its own wifi, mini computer, and cat5 pass-thru is a good follow-on. Why do people assume you need satellites and taps on hundreds of internet routers all over the world to do this?
And don't underestimate blackmail, human stupidity, or the CEO's penchant for keeping a post-it note with his password on his computer, trusting that his secretary and security staff would neeeeever let anyone in who wasn't supposed to be there.... and of course, nobody ever takes bathroom breaks while watching the CEO's office over lunch time.... -_-
And as a bonus... most corporations record all e-mails to monitor their employees. Amusingly... these systems are usually less secure than the ones they're tapped into. So if you don't have the money to bring your own equipment... they're usually nice enough to provide it for you.
Re: (Score:3)
Ok, so I live in Netherlands. The US is wiretapping most of the world's traffic, and the excuse is that all governments do this? No they are not. I really don't think Dutch intelligence services are spying on IBM to get better deals for companies. There are a handful of countries that do this shit at a bigger scale, and all of them should stop. This is no way to treat the citizens of other countries, especially if there is no national security issue.
Frankly, the only thing I've heard about this that is more
Re: (Score:2)
So you work in pharmaceuticals?
Re: (Score:2)
This is not an hypothetical case. In my last job we were in direct competition with IBM and were exchanging crucial pricing information through email. There have been precedents of ECHELON being used to gain economic intelligence (google "echelon airbus boeing" to learn about that)
Oh please. Every government engages in industrial espionage. The French are so well known for it that CEOs for pharmaceuticals that check-in to local hotels are told not to use the fax machine or internet there, and to keep their laptops in their room, and to bring their own locks to secure it and not use the hotel safe or in-room safe as the cleaning crew often isn't the usual maid service. I mean, this is SOP.
So because everybody does it, it should be legal and I should accept it when my own country does it to me, without even a national security interest?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
No, the first piece of hardware to break a key in a few hours costs a billion dollars. The next million of them off the assembly line cost two bucks each.
billion dollar terrorists, yeah (Score:4, Insightful)
Yeah, actually if someone is bad enough to make the NSA's top 10 list, it'd probably be good for someone to be reading their email. I have a BIG problem with the fact that the NSA is tracking everyone's emails and phone calls. I've contacted my congressman about that more than once, calling them out very publicly.
The top NSA agents know who the really bad guys are, the guys who will probably be involved in the next 9/11. Maybe they can't publicize the intelligence that proves it, maybe they are missing a few details, but we knew who bin Laden was. I'm fine with invading their privacy.
But but but if they invade anyone's privacy, they'll invade everyone's privacy. If we let them, yes. Ideally what we want is systems, including budgets and oversight, which only allow them to spy on a few people, so they have to pick which ten people they really do need to spy on.
Re: (Score:2)
Yeah, actually if someone is bad enough to make the NSA's top 10 list,
If they can break keys in "a few hours", you don't have to make their top 10 list for them to break your key. "A few hours" per key = a few thousand keys per year. With most targets staying under scrutiny for multiple years, this means you probably only have to be in the top 10,000 to have your keys cracked. I'd imagine it's fairly easy to end up there by mistake.
Re: (Score:3)
The enemies these days are good at blending in.
Too good if you ask me. In fact, the "enemies" now look just like passionately patriotic citizens who wish to protect their country's constitution, as they so swore.
It makes you wonder who the real enemies are...
Guess who is funding Tor? (Score:5, Interesting)
Re:Guess who is funding Tor? (Score:5, Interesting)
According to consolidated financial statements and reports of the Tor Project for the year ending December 2012, US Federal agencies are responsible for nearly sixty percent of funds received by the project. Tor has taken a defensive stand against this, but who knows?
Tor was created by the US Air Force. Surprise, surprise, they still want to fund it. Sooo, why did they create Tor? Well, as it turns out, we've got this massive high speed satellite and ground network we use for military purposes, which basically amounts to a compartmentalized version of the internet. And within that, because soldiers are away from home for months or years at a time, they decided to offer internet access to them. Often they're on board carriers, or deployed in places where a direct hookup isn't really feasible. And they want to make sure that all that traffic isn't pouring out at locations that can be easily monitored... because as much as operational security is drilled into soldiers, loose lips sink ships and all, they're still human. They can screw up.
So they needed some way of giving them internet access without making it pathetically easy for foreign powers to simply tap a couple key routers and see everything any soldier browses (Facebook anyone?)... Enter Tor.
Tor has over 13,000 exit nodes all over the world. And it's expensive to monitor every node. Not only that, but you have no idea where in the Tor network the traffic originated from -- is this J. Random Soldier, or Closet Gay Guy Looking At Porn? Noooobody knows. It wasn't meant to be high security. It's not meant to be totally anonymous; It's meant to make it difficult for small-time players like, say, Iran, to spy on our soldiers' personal communications. Because this has happened, and it has killed people; A cell phone left on in a soldier's pocket during an operation led to the death of a half dozen marines when enemy combatants used the signal to figure out when they were leaving base... and they planned an ambush.
So Tor will be funded by our government for the conceivable future, and they have a vested interest in maintaining the security of the network to the point that it would cost an adversary more to 'break' the network than the intelligence value of the soldiers' personal internet browsing.
Does this worry me? Nope. Tin foil hat time? Not a chance. Don't use Tor for high value communications. But then... that goes for the public internet as well. If you want to secure high value communications, you build your own VPN, and then add code to have it transmit/receive at a constant rate to deter traffic analysis. Which, coincidentally, is what most financial institutions these days do.
Re: (Score:2)
"A cell phone left on in a soldier's pocket during an operation led to the death of a half dozen marines when enemy combatants used the signal to figure out when they were leaving base... and they planned an ambush."
Citation?
Re: (Score:2, Interesting)
"A cell phone left on in a soldier's pocket during an operation led to the death of a half dozen marines when enemy combatants used the signal to figure out when they were leaving base... and they planned an ambush."
Citation?
You won't find one. Another example; Stealth bombers are really great at being stealthy until they're over the target and open the bomb bay doors. Then they're as visible to radar as flying barns. Which is why usually, ahead of the actual strike, a HARM missile is deployed. It's not actually a missile though, but rather a high altitude bomb that, when released, deploys a parachute and sits over the target looking for active radar signatures. When it finds one, off goes the parachute and on comes GPS-guided
Re: (Score:2)
I know about the microwave one, but surely flipping the radar on won't help: by the time the microwave has been destroyed, the stealth bomber will have long closed its bomb bay doors and gone back to being stealthy.
You still have the problem that the expensive missile destroyed a $10 microwave and failed to clear the air for less stealthy planes.
Re: (Score:3)
An interesting rebuttal to the microwave oven anecdote, specifically during the Serbian war:
http://msgboard.snopes.com/cgi-bin/ultimatebb.cgi?ubb=get_topic;f=48;t=000208;p=0
Re:Guess who is funding Tor? (Score:5, Informative)
Re: (Score:2)
The best use would be for NGO and 'colour revolution' types in distant lands that the US feels are ripe for regime change lite.
With the Western training camps filled with banners, slogans, stickers, web 2.0 efforts ready to go back to the home country and seem like a local grass roots issue.
The pretty 20 something English speaking locals who can get on youtube/the 24h news cycle and sell a US funded revolution back to the world....
Tor would have protected them from most forms of Stat
Re: (Score:2)
A VPN connection going back home would be the most efficient solution to that problem. If you are really paranoid you set it up such that the endpoints send a constant stream of equal sized packets to each other, regardless of whether you have any data to send over the VPN connection.
At least I2P is independent (Score:2)
There are a lot of reasons to use it over Tor.
duh (Score:3)
1. US government creates Tor.
2. US government can audit Tor traffic.
Who exactly is surprised by this??
The real concern... (Score:2)
...that I have is not with the NSA being able to crack some platform's encryption. TOR after all was a product of some part of the DOD at least in part in response to the great firewall in China, though it's been through some iterations since.
My concern is that there's likely to be far greater money available from people willing to make use of collections of cracked keys outside of the news sector, than there is within it. That tells me that it's far more likely that someone working at the NSA is likely to
Re: (Score:2)
Wow, three straw man arguments aimed at derailing the conversation in one response. You're good.
My comment referencing both Manning and Snowden had nothing to do with comparing either, or with the validity of the security level what they shared was, or should have been.
Simply stated, someone thought that the level was appropriate to convict Manning, whether it was drivel or not, and someone has considered that the material Snowden has shared is sufficient to generate far more publicity regarding searching f
About Tor versions (Score:5, Informative)
Re: (Score:2)
What's more, this analysis is very fresh. Remember that right now huge chunks of Tor traffic appear to be botnet control circuits. The botnet runs on 0.2.3.x - so that's going to bias the sample somewhat.
BTW - not surprised to learn that Linux distributors are screwing their users with stale repos yet again. Anyone who is using distributor repositories to get security sensitive software is just asking to be compromised.
an opportunity (Score:2)
Various hardware architectures, various OSs, encryption approaches, etc. which are talking to each other via open clear protocols.
Let my computer be less sleek or cool but it should be my computer and my software.
Schneier's most recent comment.... (Score:5, Informative)
Bruce Schneier http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/ [wired.com] stated that "Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily."
I'd not rush from DH to ECC but would strongly recommend a move to 2048-bit or above keys
And have just realised that I haven't posted to Slashdot for many years...And yet somehow my .sig is still relevant. NSA may have dropped their plans for mandatory Escrow 15 years ago after the quote was made...but they didn't change the fundamental goal: to read everything.
Re: (Score:2)
Bruce Schneier http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/ [wired.com] stated that "Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily."
This is most probably correct, given the proof of the Taniyama–Shimura–Weil conjecture, thus proving Fermat's last theorem, and resulting in the establishment of the Modularity Theorem. On a related note, isn't 25519 a rational number? Meaning elliptic curve 25519 has a modular form? Meaning that Tor's choice of curve is rather subject to modular attack?
Just saying...
Re:well (Score:5, Informative)
Just use bigger DH, with better cipher. AES-256? Maybe. Twofish? OK.
Bruce Schneier himself advises avoiding elliptic-curve, as being intellectually tainted by the spooks. [theguardian.com]
Re:well (Score:5, Insightful)
I recommend a "zero time pad" : if you want it secret, don't put it on a computer.
Re: (Score:2)
you be flip, but seriously. it's called "signals intelligence" for a reason. if you don't want it taken, don't transmit it over the internet. I'd say an airgapped desktop or laptop is still fine, tho.
Re: (Score:2)
I recommend a "zero time pad" : if you want it secret, don't put it on a computer.
I disagree. A computer may be a lot safer than... what else do you propose? But never connect it to the internet, so remove wifi and ethernet from the hardware, and I think you're good. Install a linux distro that you can trust, use usb-sticks to transmit files, use Truecrypt etc, and what are you going to do on that computer anyway? Just wondering for myself what I would be doing on a computer like that....
Or.... has it come this far that the NSA has manufacturers build in 3G chips that we don't know of?
Re:well (Score:4, Interesting)
Just use bigger DH, with better cipher. AES-256? Maybe. Twofish? OK.
Bruce Schneier himself advises avoiding elliptic-curve, as being intellectually tainted by the spooks. [theguardian.com]
that's what they want you to think.
Re: (Score:3)
that's what they want you to think.
That's what they want you to think.
Re: (Score:2)
Bruce Schneier himself advises avoiding elliptic-curve, as being intellectually tainted by the spooks. [theguardian.com]
I didn't see any such recommendation in the linked article. However, there is a comment in this article [theguardian.com] in which he does make such a statement. Schneier seems to have reversed himself on advocating the use of elliptic-curve ciphers. [schneier.com]
Re:well (Score:4, Informative)
He hasn't reversed himself from that link you cited - he was just pointing out an NSA recommendation, and was against it then, as well. See his comment to a poster further down:
Bruce Schneier September 30, 2005 11:39 AM
"'Elliptic Curve Cryptography provides greater security and more efficient performance than the first generation public key techniques'
"But ECC was less researched than the others algorithms!"
I agree with you, not the NSA.
Re:well (Score:5, Informative)
We certainly need more research, but it looks like an RC4 complete break (that would be the big, recent breakthrough - would love to see the details, now we know about it) and 1024-bit RSA keys are the meat and potatoes of BULLRUN. And since PCI Compliance for a while advised everyone to use RC4 as a workaround to the BEAST attack... yeah. NSA. Bastards.
They set the constants for all of the NIST curves, however. And if they have a SHA-1 preimage (and it's their algorithm they no longer even recommend, so they might) then they could set them any way they wanted. Or just try repeated phrases until they got bit patterns they were after. prime256v1/secp256r1 and all that jazz? We can't trust them anymore. They're NSA-derived - and the way it turns out they've been behaving, we therefore assume that they ARE backdoored, even if they use them themselves.
The curve Tor uses is curve25519. That is not NIST-derived, NSA didn't pick parameters out of a hat for that one: DJB made it independently. It's been designed, and the reasons for the choices thoroughly explained. It's extremely fast due to its structure, it's good even through the twist, the implementation is so careful that it's constant-time to avoid timing attacks, and we have a rough idea how strong it probably is (around 2^110-ish). Ed25519 is also similarly good and makes a great signature scheme (and you could do DH with it better as well), although you probably don't want to use SHA-512 with it anymore, because NSA - Skein-512-512 is probably the way to go. I don't trust NIST's choices anymore. They are ALL NSA, and thus ALL potentially-tainted.
Unless elliptic curves in general are crackable, which would be quite a wheeze, and of course a possibility. Certicom (NSA) have been doing those for a long time: but the 25519 curves are the product entirely of civilian mathematical research, at least. For now, Schneier is spooked and notes RSA still works fine, if slowly, and maybe bigger keys... 3072-bit? 4096-bit? Against an adversary like this - and it's clear that they consider EVERYONE an adversary - we need the margin.
I note DSA and ECDSA really need strong random numbers for every signature (see fail0verflow's Sony crack for a practical exploit), and GCM fails quicker than it should with non-random keys. Reasonable conclusion: subtle RNG backdoors. We should keep a special look-out for those. Other choices exist which aren't similarly affected (particularly, Ed25519 does not need random numbers per-signature, neither does RSA, although RSA blinding does).
What next? AES-128-CCM use in TLS, perhaps, or OCB-AES-128? (Note I'm specifically NOT recommending AES-256/192 because of the meet-in-the-middle attack - I'd rather move to TWOFISH-256.) Ed25519 DH in TLS? All commercial CAs are toast, the model has been so thoroughly subverted that it can't possibly continue to work. What about DNSSEC? Could do the job. But we can't trust the US to manage the internet anymore. We're meeting in November to see what we have to do: maybe if we remake it used good RSA or Ed25519 keys and take the hands of the root out of ICANN, because ICANN is the US and the US has spectacularly demonstrated it cannot be trusted to manage anything, probably no country can... which means, perhaps, it's time to dig the root KSK revocation key out of mothballs: if there's no trust, there's no point. We're going to need a treaty, a .INT. This isn't a quick-fix.
Re:well (Score:5, Informative)
Wrong Guardian Schneier link. :-)
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance [theguardian.com]
From Item 5:
"Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can."
Re: (Score:2)
So, I just checked the I2P encryption page [i2p2.de] and it says they use 2048 ElGamal (which is log-based, as Schneier mentioned) for public key crypto. I think this means I2P could be safer from the NSA than Tor.
Re: (Score:2)
No. He wrote this.
Re: (Score:3)
He said exactly that some ECC curves have suspicious origins, and one shouldn't trust them. What he didn't say is that all of ECC is suspicious, or that he knows anything with certainty.
Anyway, it's easier to use RSA with a larger key than to investigate each ECC curve you are thinking about using. But that's just my opinion.
Re: (Score:3)
Re: (Score:2)
Re:Question: multi-layer encryption (Score:4, Informative)
**This message has been encrypted twice with the ROT13 method**
specifically, HASHING multiple times weakens it (Score:2)
To be specific, a hash or signature should only be done once. A DES hash of an MD5 hash is weaker than either DES or MD5, for example.
There is a small exception to the above. Running multiple rounds of the SAME algorithm in a very specific way can sometimes make it slightly more secure against one particular type of attack - brute force. That's a narrow exception, though.
Re: (Score:2)
To be specific, a hash or signature should only be done once. A DES hash of an MD5 hash is weaker than either DES or MD5, for example.
There is a small exception to the above. Running multiple rounds of the SAME algorithm in a very specific way can sometimes make it slightly more secure against one particular type of attack - brute force. That's a narrow exception, though.
I use Keepass. It has an option encryption rounds [keepass.info]. I thought this meant the encryption is applied 5000 times:
To generate the final 256-bit key that is used for the block cipher, KeePass first hashes the user's password using SHA-256, encrypts the result N times using the Advanced Encryption Standard (AES) algorithm (called key transformation rounds from on now), and then hashes it again using SHA-256.
Re: (Score:2)
To generate the final 256-bit key that is used for the block cipher, KeePass first hashes the user's password using SHA-256, encrypts the result N times using the Advanced Encryption Standard (AES) algorithm (called key transformation rounds from on now), and then hashes it again using SHA-256.
That's a fairly meaningless description, because it doesn't tell you with what key the hash of the key is "encrypted".
Using a block cipher instead of extensive repeated hashing is not a bad idea in general, because in contrast to hashing it is guaranteed not to lose entropy. However, the password also needs to be salted.
Re: (Score:2)
Which is better marketing than cryptography. To make it REALLY secure, they could add another step, hash it using this function:
function slashHash() {
return('a');
}
You could never predict the result if they added slashHash to the sequence! :; Note that it doesn't matter if you put slashhash as the last step, the first step, or anywhere in the middle - the whole thing is broken if you have a breakable step anywhere in the procedure.
In the case of KeePass, it's not THAT bad because the thing they
Re: (Score:3)
I thought this meant the encryption is applied 5000 times:
People choose crappy passwords like ABCDE so rather than using "ABCDE" as the encryption key (which wouldn't look very random at all and therefore be very bad) for encrypting the content, the password is hashed to something that hopefully looks random, then that hash is used as the key for encryption.
The purpose of repeating that hashing process is to slow down brute force guessing against your password itself, not to protect the contents from crypta
Re: (Score:3, Informative)
Re: (Score:2)
If I remember correctly, there is a proof for Triple Encryption with Minimum Keys (TEMK) that shows that if you encrypt three times with two independent keys, it will be at least twice as secure as one encryption with one key. The keys must be completely independent, though, derived from two different high-entropy passphrases or random keys that are long enough.
Anyway, encrypting twice with the same key can make it less secure, as others have pointed out. Increasing the rounds of a block cipher might be a b
Re: (Score:3)
Not necessarily. In many cases, double encrypting it will not make it at all harder to crack, it will just effectively encrypt it with a composite key no more complex than either of the keys you used.
Re: (Score:2)
It pretty much depends on whether your encryption algorithm may have an alternate key kz where decrypt(k1,decrypt(k2,ct)) = decrypt(kz,ct) and especially where that alternate key may be derivable from the other keys kz=f2(k1,k2)
As an example, consider xor: (plaintext xor key1) xor key2 is equivalent to plaintext xor (key1 xor key2), thus kz is (key1 xor key2).
Re: (Score:2)
No, it's twice as hard (CPU-wise) if the *same* key is used for each pass. If two completely different keys are used it would generally be equivalent to a key twice as long.
For example, 3DES uses 3 56 bit keys, with OUTPUT = encrypt(decrypt(encrypt(INPUT, K1), K2), K3) if you use the same key for each step it's only going to take 3x longer to test. If you use 3 different keys, it's nominally equivalent to 56x3 = 168 bits, though MITM attacks can make it effectively 112 bits. Still way WAY more than 2x t
Re: (Score:2)
Eh, never mind, I was assuming something like 2-key 3DES... if you just encrypt twice, sure. Though I guess the point is the "2x" is not because it's inherently "multiply by the number of encryption steps", but because of specific attacks that make it ineffective...
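The two effects discussed in the comments above (XOR collapsing to a composite key, and meet-in-the-middle limiting what encrypting twice with independent keys buys), as an added example that is not part of any poster's comment. The Feistel cipher is a toy constructed for this illustration (16-bit key, 32-bit block), and every key and plaintext in it is a constructed value.

```python
# Added illustration, not from the thread. The cipher is a toy built for this
# demo (16-bit key, 32-bit block); all keys and plaintexts are constructed.
from collections import defaultdict

MASK16 = 0xFFFF

def xor_bytes(data, key):
    """XOR 'cipher': composing two of these is just one XOR with k1 ^ k2."""
    return bytes(d ^ k for d, k in zip(data, key))

def _round(half, subkey):
    # Nonlinear mixing of one 16-bit half with a 16-bit round key.
    x = (half + subkey) & MASK16
    x = (x * 0x9E37 + 0x79B9) & MASK16
    x ^= x >> 7
    return ((x << 3) | (x >> 13)) & MASK16

def _subkeys(key):
    # Four round keys derived from one 16-bit key.
    return [(key * (2 * i + 3) + 0x1F3D * i) & MASK16 for i in range(4)]

def toy_encrypt(key, block):
    left, right = block >> 16, block & MASK16
    for sk in _subkeys(key):
        left, right = right, left ^ _round(right, sk)
    return (left << 16) | right

def toy_decrypt(key, block):
    left, right = block >> 16, block & MASK16
    for sk in reversed(_subkeys(key)):
        left, right = right ^ _round(left, sk), left
    return (left << 16) | right

def double_encrypt(k1, k2, block):
    return toy_encrypt(k2, toy_encrypt(k1, block))

def meet_in_the_middle(pairs):
    """Recover (k1, k2) from known plaintext/ciphertext pairs.

    Returns (candidates, work) where work counts single-cipher operations
    in the search phase: 2 * 2**16 instead of 2**32 for naive search.
    """
    (p0, c0), rest = pairs[0], pairs[1:]
    middle = defaultdict(list)
    for k1 in range(1 << 16):            # forward half: E(k1, P)
        middle[toy_encrypt(k1, p0)].append(k1)
    work = 1 << 16
    found = []
    for k2 in range(1 << 16):            # backward half: D(k2, C)
        work += 1
        for k1 in middle.get(toy_decrypt(k2, c0), ()):
            # Extra pairs weed out chance matches on the first pair.
            if all(double_encrypt(k1, k2, p) == c for p, c in rest):
                found.append((k1, k2))
    return found, work

def demo():
    k1, k2 = 0x3A7C, 0xC15E              # constructed secret keys
    plaintexts = [0x00000001, 0xDEADBEEF, 0x12345678]
    pairs = [(p, double_encrypt(k1, k2, p)) for p in plaintexts]
    found, work = meet_in_the_middle(pairs)
    return (k1, k2), found, work

if __name__ == "__main__":
    secret, found, work = demo()
    print("recovered:", found, "secret:", secret)
    print("search operations:", work, "vs naive", 1 << 32)
```

The search costs about twice one 16-bit key search plus a 65,536-entry table, which is the trade that brings three-key 3DES down from a nominal 168 bits to roughly 112.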
Re:Other than a few uber nerds (Score:5, Insightful)
What's this "have to hide" bullshit? What if you want to hide? A large percentage of the population are introverts, and a significant proportion of both those (among others) don't have any desire to share anything personal with anyone, at least aside from those they choose to. Some people like privacy, like anonymity, like not being seen by others. Hell - I get a serious case of anxiety if someone is merely standing behind me, no matter how innocuous my activities.
Please, don't start with this "if you have nothing to hide, you have nothing to worry about" utter crap. The next step to that is "if you have anything to hide, you're probably a pedophile" which you're already alluding to. No, we just don't like oxygen-wasting cretins sticking their nose into our lives. Considering such a vast number of people value their privacy in exactly the same way, this behavior is *natural*.
I make very little effort to hide my presence online. But if I did choose to, then by no means does anyone have any justification to suggest that there's something wrong with wanting to hide. It's part of the human condition - some people like being seen, being known, being pored over - some people prefer the exact opposite.
You might suggest this is an over-reaction, that you're merely pointing out that the internet isn't for people who want to hide. But the point is, it should be. You should be directing your energies to fixing the problem - not just throwing your hands up and saying 'don't bother trying to hide even if you want to'.
Re:Other than a few uber nerds (Score:5, Insightful)
Exactly. Some activities need to stay hidden. For example:
* I don't want someone's Christmas gift to be spoiled for them.
* My neighbors don't need to know how much my electric bill was, or what tier of service I have hooked up to that wireless router.
* I have a very dedicated stalker, whose information is limited because that person can't dig into my email or other accounts to find out what I'm up to.
* If I post on a forum for people who own a particular product, I don't need people to be able to find my house so they can steal it.
* A friend who's hurting after a disastrous breakup might email me something in confidence. That should stay confidential.
* Employment and tax documents, with pay grade information and SSNs and all kinds of other PII.
* Online banking, anyone?
* I may compose some music that isn't ready for release yet, and that needs to stay private until it's been polished.
* Medical records about who has what rash on their what now?
There's just some information that doesn't need to be free. No nefarious intent, just things that shouldn't be public.
Re: (Score:2)
(Man, if someone wants to know their christmas presents badly enough to crack 1024-bit RSA, just let them.)
Re: (Score:2)
I'm not imposing anything on anyone. Far from it - I'm saying if people want to be left alone, then leave them alone. Unless you already have evidence they're committing a crime, then nothing they do is yours or my business. OP was saying "if you have to hide, stay off the internet". I'm saying that premise is offensive, primarily in that he's suggesting that people who "have to hide" are the same as people who "want to hide".
Re: (Score:2)
The whole purpose of the Internet is to connect machines. Whether data is shared or not is up to the users.
Re: (Score:3)
> Your anxiety issues can be treated, the Internet is not proper treatment,
Firstly, who said my anxiety was anything to do with the internet? I never even mentioned a computer. Stop making up shit.
> You use the Internet as a crutch. Man up and fucking go see a damn doctor and stop being such a coward.
I said I don't make effort to hide my online activities. I'm not talking about myself. I'm respecting those who do want to maintain their privacy.
> You were NEVER anonymous on the Internet, you have AL
See what I did here? (Score:3)
Sorry guys, Tor is designed to be used in all the ways we've spent years trying to fix broken internet protocols from doing, you really need to stop drooling over it. It's not actually a good solution. It is in fact an absolutely shitty solution to the problem, as it's really a way to create a bunch of new ones.
If you have to hide, the Internet isn't for you.
It's a really good solution! It protects privacy, it's supported/maintained by really smart people who want to protect privacy, and (when using the most current version) gives the user strong privacy.
I just made a whole lot of unsubstantiated claims with no explanation, no supporting evidence, and with no background... just like you did. (I didn't call people names, though.)
Sheesh, gimme some Deep Woods Off! [google.com] - The number of astroturfers on Slashdot is astounding.
Who cares who else uses Tor? Who cares whethe
Re: (Score:2)
Actually, no, it can't. You're thinking of i2p [i2p2.de], not Tor.
If you're confused, you need to read up on the major flaws and vulnerabilities in Tor [erratasec.com] that allow the NSA or enough controlling entities to de-anonymize anyone using Tor. In fact, the more Tor exit nodes, the eas
Re:Other than a few uber nerds (Score:4, Insightful)
"If you have to hide, the Internet isn't for you."
"pedophiles and botnets"
Are you cutting yourself with that edginess?
You know what, I've yet to see anything worth reading coming from your keyboard and this is your crowning glory - associating people who want some privacy with pedophiles.
Your opinions are worth less than the photons they have been written with.
Ciao. Meet your new status.
--
BMO
Re: (Score:2)
Bingo.
Cookie for BitZ!
Re: (Score:2)
Building, waiting, charming, learning, selling, helping, advising... arms, tech, nuclear, space, science
The days of backing messy revolutions and flaky leaders is still an idea that has traction but they have learned not to race into traps.
Tor has its origins with the US government and as such has always the same sta
Re: (Score:3)
Just assist and support the people in the US who are trying to curtail the out-of-control US government whenever and however you can with whatever can help.
The US government has been steadily growing and hardening itself against control by the citizenry and expanding its scope & power beyond constitutional limits for ~100 years. It won't be overcome by a change simply between (D) & (R). The pendulum must swing back toward constitutional first-princ