[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] NSA supercomputer

On Thursday, April 04, 2013 08:17:29 Nick Mathewson wrote:
> On Thu, Apr 4, 2013 at 5:51 AM, Bernard Tyers <ei8fdb@xxxxxxxxxx> wrote:
> > Hi,
> > 
> > Is there a reason 1024 bit keys, instead of something higher is not used?
> > Do higher bit keys affect host performance, or network latency?
> Because in 2003/2004, when we were designing Tor, 1024-bit keys seemed
> like they would probably be good enough, AND we weren't confident of
> our ability to support arbitrary key sizes without screwing it up.
> But as of 0.2.4, the forward-secrecy[0] parts of Tor[*] now support
> 256-bit ECC keys, which are probably about as good as 3072-bit RSA/DH
> keys, and a lot faster for most uses.  I'd like to make more of the
> authentication parts of Tor support ECC over the next couple of
> releases.

Sounds like a good idea. Now I'm going to throw out some possible attacks and 
scenarios. I'm not sure how all the keys are used, so if I'm wrong, please 
correct me.

*Mallory breaks an identity key. He can then pretend to be that relay. 
Directory servers will notice that two relays are claiming the same identity.

*The NSA runs a Tor relay called Eve. Eve passes all connection data to the 
NSA. Unless Eve gets picked to be a guard, is an exit, or both, she'll get 
only middleman data, which won't be much use. This attack has nothing to do 
with key size.

*The NSA installs Eves at various ISPs that host or pass data for relays. 
Alice and Bob are talking on Torchat. If Bob runs a relay, a timing attack is 
impossible unless one of them sends a file, as the data Bob relays will swamp 
the tiny amount of data they send by Torchat.

*The NSA runs a Tor relay called Eve. It's picked as the rendezvous point for 
a hidden service. Can Eve read the plaintext?

*Eve breaks an onion key. She can read the key exchange when Alice connects 
first to that relay. But unless Eve breaks the onion key for the second and 
third relays, she can't read Alices' plaintext. Also the onion key will be 
changed in a few days, so she won't be able to read Alice's connections for 

tor-talk mailing list