[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] NSA supercomputer
On Thursday, April 04, 2013 08:17:29 Nick Mathewson wrote:
> On Thu, Apr 4, 2013 at 5:51 AM, Bernard Tyers <ei8fdb@xxxxxxxxxx> wrote:
> > Hi,
> > Is there a reason 1024 bit keys, instead of something higher is not used?
> > Do higher bit keys affect host performance, or network latency?
> Because in 2003/2004, when we were designing Tor, 1024-bit keys seemed
> like they would probably be good enough, AND we weren't confident of
> our ability to support arbitrary key sizes without screwing it up.
> But as of 0.2.4, the forward-secrecy parts of Tor[*] now support
> 256-bit ECC keys, which are probably about as good as 3072-bit RSA/DH
> keys, and a lot faster for most uses. I'd like to make more of the
> authentication parts of Tor support ECC over the next couple of
Sounds like a good idea. Now I'm going to throw out some possible attacks and
scenarios. I'm not sure how all the keys are used, so if I'm wrong, please
*Mallory breaks an identity key. He can then pretend to be that relay.
Directory servers will notice that two relays are claiming the same identity.
*The NSA runs a Tor relay called Eve. Eve passes all connection data to the
NSA. Unless Eve gets picked to be a guard, is an exit, or both, she'll get
only middleman data, which won't be much use. This attack has nothing to do
with key size.
*The NSA installs Eves at various ISPs that host or pass data for relays.
Alice and Bob are talking on Torchat. If Bob runs a relay, a timing attack is
impossible unless one of them sends a file, as the data Bob relays will swamp
the tiny amount of data they send by Torchat.
*The NSA runs a Tor relay called Eve. It's picked as the rendezvous point for
a hidden service. Can Eve read the plaintext?
*Eve breaks an onion key. She can read the key exchange when Alice connects
first to that relay. But unless Eve breaks the onion key for the second and
third relays, she can't read Alices' plaintext. Also the onion key will be
changed in a few days, so she won't be able to read Alice's connections for
tor-talk mailing list