[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] #9345 [Tor]: enabling only the strongest ciphers in the tor browser to make cryptanalysis harder

To: undisclosed-recipients:;
Subject: [tor-bugs] #9345 [Tor]: enabling only the strongest ciphers in the tor browser to make cryptanalysis harder
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 27 Jul 2013 15:21:20 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 27 Jul 2013 11:21:32 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#9345: enabling only the strongest ciphers in the tor browser to make
cryptanalysis harder
---------------------------------------------+------------------------------
 Reporter:  rainbowanon                      |          Owner:                  
     Type:  enhancement                      |         Status:  new             
 Priority:  critical                         |      Milestone:  Tor: unspecified
Component:  Tor                              |        Version:  Tor: unspecified
 Keywords:  encryption, https, cipher suite  |         Parent:                  
   Points:                                   |   Actualpoints:                  
---------------------------------------------+------------------------------
 I suggest disabling weak ciphers in the Tor Browser and enabling only the
 strongest cipher suites forcing HTTPS websites to use only the strongest
 encryption when communicating via HTTPS with the Tor Browser.
 '''How to do it''':
 1-open the browser
 2-type "about:config"
 3-type "SSL3" in the search box
 4-among the search results are all the cipher suites the browser utilities
 5-double click on the (weak) ciphers you want to disable (like all the
 ones containing "128")
 VOILA!
 Now connect to any HTTPS website (like Facebook) and click the lock icon
 and see the cipher used.
 '''Results and importance''':
 We all know now that weak ciphers are either already broken or are very
 close to being cracked. So using the strongest ciphers will make
 cryptanalysis performed by bad ExitNodes much much harder (if not entirely
 impossible) to result in anything harmful to Tor users.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/9345>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Follow-Ups:
- Re: [tor-bugs] #9345 [TorBrowserButton]: enabling only the strongest ciphers in the tor browser to make cryptanalysis harder
  - From: Tor Bug Tracker & Wiki
- Re: [tor-bugs] #9345 [TorBrowserButton]: enabling only the strongest ciphers in the tor browser to make cryptanalysis harder
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #9344 [Firefox Patch Issues]: Cannot set tor browser as default browser nor open any link through it (even command-line)
Next by Author: [tor-bugs] #9346 [Tor]: Make Guard flag easier to get
Previous by thread: [tor-bugs] #9344 [Firefox Patch Issues]: Cannot set tor browser as default browser nor open any link through it (even command-line)
Next by thread: Re: [tor-bugs] #9345 [TorBrowserButton]: enabling only the strongest ciphers in the tor browser to make cryptanalysis harder
Index(es):
- Author
- Thread