[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] How the NSA breaks Diffie-Hellmann

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] How the NSA breaks Diffie-Hellmann
From: Lluís <2015.msl@xxxxxxxxx>
Date: Tue, 20 Oct 2015 08:52:24 +0000
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 20 Oct 2015 04:53:00 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:mime-version:to:subject:references:in-reply-to :content-type:content-transfer-encoding; bh=XohH4l7wTIDqtkpSb7j0Z6b6R73OmobCdHbS2T4CBac=; b=pwcdeNPvD+uqcqtQ5QtrZMetpYf77RFR8iaUBoVCi8a/A8Hdvloy+dFX5HxsQdBgJa hLTo0JwxQwdyShYA8yq7gWfeeckGG6aN3a/lXN6gvcMfoTORhblOduyUFLPFFlUbkDuT cAAIMNF+DDu+9aKzVMBDgRB8FvjX+CgJ/kOec8RxdFusamx6kqt6D2GHiHp9y3h24+9g u49M09VSQVU4eerHD0I0k6fjNej9BIyhGFoBuIknwNrMQamE/OPIomWMSMjjrx+Er4+d alID8t0QF+364EcfOGNjQeLQ77tv9NR+ap1S24P6arNiBEkrtWc5S46K/96tKIZrrqnX 6g3g==
In-reply-to: <641167991.942.1445327519824.JavaMail.open-xchange@ox1app>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <641167991.942.1445327519824.JavaMail.open-xchange@ox1app>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

I understand, from a post to this list, than tor is switching from RSA
to elliptic curve key generation.

What would we expect from that update ?

Thanks for everyone's effort

Lluís

karsten.n@xxxxxxxxxxx:
> Hello,
> 
> the paper "How is NSA breaking so much crypto?" got the Best Paper Award
> at ACM CCS im Oct. 2015.
> 
> https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/
> 
> Diffie-Hellman is a cornerstone of modern cryptography used for VPNs,
> HTTPS websites, email, and many other protocols. The paper shows that many
> real-world users of Diffie-Hellman are likely vulnerable to state-level
> attackers.
> 
> A state-level attacker like NSA can pre-compute the most common used 1024
> bit DH parameter sets which are recommend in RFC 2409. If pre-computation
> was done for the two most common used DH parameter sets the NSA can braek
> 2/3 of VPN connections, 1/4 of SSH connections and 1/5 of SSL/TLS
> connections on-the-fly.
> 
> EFF.org recommends to disable DHE cipher in Firefox and Chrome: 
> "How to Protect Yourself from NSA Attacks on 1024-bit DH"
> https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
> 
> An other more advanced solution for TorBrowser would be possible. You can
> increase the min. length for DH parameter to 2048 bit in NSS lib. Min.
> length for DH parameter was set to 1024 in NSS 3.19.1 to avoid Logjam
> attack. May be, it is time to increase it to 20148 bit?
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
> 
> Karsten N.
> 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] How the NSA breaks Diffie-Hellmann
  - From: Nick Mathewson

References:
- [tor-talk] How the NSA breaks Diffie-Hellmann
  - From: karsten . n

Prev by Author: Re: [tor-talk] How the NSA breaks Diffie-Hellmann
Next by Author: Re: [tor-talk] Tor
Previous by thread: [tor-talk] How the NSA breaks Diffie-Hellmann
Next by thread: Re: [tor-talk] How the NSA breaks Diffie-Hellmann
Index(es):
- Author
- Thread