Re: [tor-talk] wake up tor devs

Ted Smith writes:

> There's a reason why the NSA has "Tor Stinks" presentations and not "I2P
> stinks" presentations.

I don't know of a good basis for estimating what fraction of NSA's
capabilities or lack of capabilities we've learned about.  And even
when someone _working at NSA_ writes that attack X doesn't work or
doesn't exist, they may not know that attack Y achieves some of the
same goals.  For example, there were press reports that there was
some major cryptanalytic breakthrough a few years ago and that it has
far-ranging implications*.  I don't think the details have ever become
public; a best-case-for-cryptographic-privacy scenario might be that it's
"only" an operationalized, albeit expensive, attack against 1024-bit RSA
or DH (one of the possibilities considered in Matthew Green's analysis).
In any case, many people working on surveillance within NSA might not know
what the breakthrough is or how it works, and may still be assiduously
working on attacks that in principle are largely redundant with it.

(Their NSA colleagues may want them to be working on redundant attacks
because many of the existing attacks are described as "fragile" -- so
they want to have parallel ways to achieve some of the same stuff.)

Most of us don't work in highly compartmentalized organizations or
organizations that try to practice a very strict need-to-know rule.
So we might think that if someone in an organization says at some time
that something is easy, or difficult, or cheap, or expensive, that that
reflects the general attitude of all the parts of that organization.
(Like if somebody working at Intel said it was hard to fabricate
semiconductor devices in a particular way, or somebody working at Boeing
said it was hard to take advantage of a particular aerodynamic effect,
or somebody working at EFF said it was hard to sue the government under
a particular legal theory, you might tend to think these things were
basically true, as far as those people's colleagues knew.)

I think that's only approximately or indirectly true of people working
in an organization like NSA or GCHQ.


* Possibly relevant reporting and discussion includes
  http://www.wired.com/2012/03/ff_nsadatacenter/all/
  http://www.wired.com/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/
  http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html
  http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=1
  (including claims of widespread success at defeating cryptography,
  partly on the basis of sabotaging it but at least partly on the
  basis of "development of advanced mathematical techniques")

-- 
Seth Schoen  <schoen@xxxxxxx>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk