Tor is still DHE 1024 (NSA crackable)

[Nytro]

[h=3]Tor is still DHE 1024 (NSA crackable)[/h]

By Robert Graham

After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.

The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.

You can see this for yourself by going to a live listing of Tor servers, like TorStatus - Tor Network Status. Only 10% of the servers have upgraded to version 2.4.

Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software. Here's a list of the counts:

14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

The older software negotiates "DHE", which are 1024 bit Diffie-Hellman keys. The newer software chooses ECDHE, which are Elliptical-Curve keys. I show the raw data because I'm confused by the last entry, I'm not sure how the software might negotiate ECDHE+3DES, it seems like a lulz-worthy combination (not that it's insecure -- just odd). Those selecting DHE+3DES are also really old I think. I don't know enough about Tor, but I suspect anything using DHE+3DES is likely more than 5 years old.

(By the way, I used my Ferret tool to generate this, typing "ferret suites -r ".)

The reason software is out of date is because it takes a long time for repositories to be updated. If you type "apt-get install tor" on a Debian/Ubuntu computer, you get the 2.3 version. And this is what pops up as the suggestion of what you should do when you go to the Tor website. Sure, it warns you that the software might be out-of-date, but it doesn't do a good job pointing out that it's almost a year out of date, and the crypto the older version is using is believed to be crackable by the NSA.

Of course, this is still just guessing about the NSA's capabilities. As it turns out, the newer Elliptical keys may turn out to be relatively easier to crack than people thought, meaning that the older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, that the NSA is best at cracking.

Therefore, I'd suggest that the Tor community do a better job getting people to upgrade to 2.4. Old servers with crackable crypto, combined with the likelyhood the NSA runs hostile Tor nodes, means that it's of much greater importance.

Sursa: Errata Security: Tor is still DHE 1024 (NSA crackable)

[Matt]

Nytro : Postezi cam multe stiri, pe wildchild il dor picioarele cand le citeste.

* Interesant

[wildchild]

Eu nu ?i-am b?gat vreodat? de vin? c? ai posta prea multe ?tiri, nu m? deranjeaz? s? citesc.

Ceva la obiect: https://www.facebook.com/photo.php?fbid=743447935669082&set=a.197666140247267.65555.172819872731894&type=1&ref=nf

[Stfean_Iordache]

and who cares....daca nu cumva cumpar plutoniu de pe net atunci nsa nu ar trebui sa se bage in treburile mele....asa daca ar sta la fiecare mica posibilitate de incalcare a legii ar fi dictactorism plus ca ar fi imposibil....nici nu vad scopul tor pentru ca 99,99% nu au nevoie de el in activitatiile lor online deoarece nsa nu s-ar baga in treburile lor iar 0,01% sunt cei care chiar au nevoie sa fie anonimi si sigur nu o sa foloseasca tor , ci o metoda mult mai sigura in care se vor investi o gramada de bani....

Edited September 8, 2013 by Stfean_Iordache

[yo20063]

and who cares....daca nu cumva cumpar plutoniu de pe net atunci nsa nu ar trebui sa se bage in treburile mele....asa daca ar sta la fiecare mica posibilitate de incalcare a legii ar fi dictactorism plus ca ar fi imposibil....nici nu vad scopul tor pentru ca 99,99% nu au nevoie de el in activitatiile lor online deoarece nsa nu s-ar baga in treburile lor iar 0,01% sunt cei care chiar au nevoie sa fie anonimi si sigur nu o sa foloseasca tor , ci o metoda mult mai sigura in care se vor investi o gramada de bani....

You don't know shit!

[ehd]

Sunt programator la vidalia tor de 2 ani, nu exista brese actuale in nodurile tor, au fost incidente cu versiunile mai vechi, acum s-au scos multe functii ca tor sa ruleze fara sa fie interceptat, dar inca se lucreaza pentru imbunatatirea serviciilor si eliminarea "companiilor cartita" din sistemul vidalia.Onion este viitorul@!

[Nytro]

Si daca toate lucrurile astea care se spun despre NSA sunt inventate pentru ca noi sa punem mai mult accentul pe securitate?

[M2G]

Si daca toate lucrurile astea care se spun despre NSA sunt inventate pentru ca noi sa punem mai mult accentul pe securitate?

As zice mai degraba ca ar fi inventate pentru a creste frica in randul populatiei si rezistentei la sistem. Poate ca pierd teren in fata TOR, the pirate bay, wikileaks si vor cumva sa demonstreze ca totul e in control si ca au inca putere. (adica blufeaza) Ar fi o posibiliate.

[wildchild]

Si daca toate lucrurile astea care se spun despre NSA sunt inventate pentru ca noi sa punem mai mult accentul pe securitate?

Dac? articolul ar fi controlat de agen?ie, n-ar fi în interesul lor s? se securizeze mai bine lumea.

Dup? p?rerea mea, le trebuie foarte multe honeypot-uri b?gate ca noduri în re?eaua TOR pentru o ?ans? decent? a unei imagini clare asupra traseului pe unde circul? exact traficul de date, înainte s? îl decripteze.