[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] NSA has cracked web encryption!
On 13-09-06 10:26 PM, Nick Mathewson wrote:
> Over the 0.2.5 series, I want to move even more things (including
> hidden services) to curve25519 and its allies for public key crypto.
> I also want to add more hard-to-implement-wrong protocols to our mix:
> Salsa20 is looking like a much better choice to me than AES nowadays,
> for instance. I also want to support more backup entropy sources.
Schneier says in the Guardian :
"Prefer symmetric cryptography over public-key cryptography. Prefer
conventional discrete-log-based systems over elliptic-curve systems; the
latter have constants that the NSA influences when they can."
and in Wired :
Breakthroughs in factoring have occurred regularly over the past several
decades, allowing us to break ever-larger public keys. Much of the
public-key cryptography we use today involves elliptic curves, something
that is even more ripe for mathematical breakthroughs. It is not
unreasonable to assume that the NSA has some techniques in this area
that we in the academic world do not. Certainly the fact that the NSA is
pushing elliptic-curve cryptography is some indication that it can break
them more easily.
If we think that’s the case, the fix is easy: increase the key lengths.
The NSA can make use of everything discovered and openly published by
the academic world, as well as everything discovered by it in secret.
Assuming the hypothetical NSA breakthroughs don’t totally break
public-cryptography — and that’s a very reasonable assumption — it’s
pretty easy to stay a few steps ahead of the NSA by using ever-longer
keys. We’re already trying to phase out 1024-bit RSA keys in favor of
2048-bit keys. Perhaps we need to jump even further ahead and consider
3072-bit keys. And maybe we should be even more paranoid about elliptic
curves and use key lengths above 500 bits.
Are there some assurances that Tor is using the best parameters on its
symmetric, public key and curve cryptography? And how can we check?
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsusbscribe or change other settings go to