[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] NSA supercomputer

>  ill really try not to go conspiracy crazy... but that is always a risk
> there is also a video on youtube from a recent con about the feasibility of
> factoring them, <"fast hacks" or something like that>

There are always rational analyses that can be made.
Many analysts think of the available storage and compute
power in a facility such as that (100ksqft 65MW public initial)
in terms of the common commercial datacenter filled with commodity
compute gear... dell servers, seagate drives, ati gpus, cisco net, etc.
'Google big/smart corp style' if you will. That's certainly a lot of it.
But what few seem to consider is custom hardware and the big
budget picture which you can search for pretty pictures of. And black
secrets. So perhaps some higher storage density tech... gates as
disk, optical, etc. And definitely mountains of custom ASICs. People
know about deepcrack and bitcoin asics and Intel's smallest fabs...
well how much of that can you tape out and power on that kind
of budget... ? Lots. Now factor in 10-25-?? percent ahead via
black tech.

It seems safe to assume some properly implemented yet
smaller keylength algos may be at risk. And essentially
certain that all manner of network and data analysis is
possible limited only by the programming brains and
scale to do it.

As for Tor, 1024bit equivalence may be a bit low. Most
of the cost is in key exchange/setup, not the stream itself.
Run 'openssl speed' to see that. End user machines could handle
4096, but the relays and HS are a question. It's not crunchtime yet
but maybe getting closer. See also keylength.org, and the various
crypto and risks lists.

Maybe Tor's TCP streams are a weak point in timing and network
analysis. There's probably some anonbib about splitting up
the traffic across UDP paths for reassembly on the far side.
And even that's still subject to analysis.

> if they intercepted everything, there wont be much of a need to decrypt it.

What real limits are there to their 'partnership' with telecoms?
A telecom may want legal ability to feed them everything.
But what is the penalty for not? The courts will not liquidate a
telecom no matter how gross their constitutional infraction under
the cover and 'authorization' of the executive and even legislative.
Worst case for them is a senate show hearing, they get censured,
a token fine, some heads roll and life goes on.

Same for unauthorized taps... you know about Glomar and other
deep sea fun right. Lots of vacuuming going on out there. No real
penalties apply other than the oopsies of political embarrasment
and a turn through the revolving door.

What about US torture going to the Hague, any number of things
around the world lately, not much penalty there, so none here either.

> its not easy, and i cant claim they can actually do that, but thats the
> risk, and its out of the scope of the Tor threat model.
> there is a video somewhere of bill binney talking about this approach...

It's reasonable that determining who is talking to who, given
those endpoints (the who's) that fall entirely within the network
one can see and process at this scale, is relatively easy.
Especially for anything regular, outstanding, or that can be

Hidden services definitely fall under the latter. They either don't
have them within network yet, or they're on about bigger/secret
fish and don't care to shut them down. Drugs, murder, crime and
cp... all traditional LEA areas, will nearly always take a back
seat to [inter]national intrigue. They're also not 1980's CIA narco
scale, so there they may remain.

> exciting times :)
> if you think im wrong

Indeed. And no.

If Tor and similar systems, Bitcoin, and whatever else are still around
and canary free by 2020, they're either incredibly strong, up against
clueless adversaries, or just riding unawares and high in the back seat
while the driver in a black suit grins doing 88mph :)
Take your pick and calibrate accordingly.
tor-talk mailing list