Next question: can the NSA crack Tor keys?

Sep 09, 2013 by Nancy Owano weblog

( —"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH [DH refers to Diffie-Hellman] keys." With that Friday blog post, Errata Security CEO Robert Graham ignited a spark of outside posts reporting on Graham's observations about Tor.

"The problem with Tor is that it still uses these 1024 bit keys for much of its crypto," he said, "particularly because most people are still using older versions of the software. The older 2.3 versions of Tor uses keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys." Tor is short for The Onion Router, a service that offers anonymous browsing. Tor takes a user's Internet traffic and masks its location. He suggested that the Tor community do a better job getting people to upgrade to 2.4.

His speculation follows an exercise where he ran his own "hostile" exit node on Tor and surveyed encryption algorithms established by incoming connections. TOR still uses 1024 RSA/DH keys for much of its crypto.

About 76 percent of the 22,920 connections that he polled used some form of the older version keys. "Only about 24 percent of incoming connections were using the newer software," he said.

With the newer keys. the operations involved are more computationally intensive. According to the NSA site posting back in 2009, the US National Institute for Standards and Technology recommended that these 1024-bit systems be upgraded to something providing more security. The NSA discussion, titled "The Case for Elliptic Curve Cryptography." said that the US National Institute for Standards and Technology recommended that these 1024-bit systems were sufficient for use until 2010. "The question is what should these systems be changed to? One option is to simply increase the public key parameter size to a level appropriate for another decade of use. Another option is to take advantage of the past 30 years of public key research and analysis and move from first generation algorithms and on to elliptic curves."

"Of course, this is still just guessing about the NSA's capabilities," noted Graham.

Explore further: Protection for whistleblowers: Computer science professor working on system that would allow for secret data transfer

More information:

Related Stories

Report: NSA cracked most online encryption

Sep 05, 2013

The National Security Agency, working with the British government, has secretly been unraveling encryption technology that billions of Internet users rely upon to keep their electronic messages and confidential ...

NSA seeks recruits via Twitter

Jun 07, 2013

The National Security Agency (NSA) is looking for a few good cybersnoops. This week's furor over top-secret collection of phone records and online data isn't deterring the US government's electronic intelligence-gathering ...

Recommended for you

LinkedIn membership hits 300 million

Apr 18, 2014

The career-focused social network LinkedIn announced Friday it has 300 million members, with more than half the total outside the United States.

Researchers uncover likely creator of Bitcoin

Apr 18, 2014

The primary author of the celebrated Bitcoin paper, and therefore probable creator of Bitcoin, is most likely Nick Szabo, a blogger and former George Washington University law professor, according to students ...

White House updating online privacy policy

Apr 18, 2014

A new Obama administration privacy policy out Friday explains how the government will gather the user data of online visitors to, mobile apps and social media sites. It also clarifies that ...

User comments : 5

Adjust slider to filter visible comments by rank

Display comments: newest first

5 / 5 (1) Sep 09, 2013
Doesn't it seem to hint that if the NSA is now recommending a new encryption standard that it is generally safe - but they already know how to undo it?
1 / 5 (6) Sep 09, 2013
So what is this new security method? The article mentions the older 1024-bit encryption 5 times, but fails to mention what the newer method is.
not rated yet Sep 09, 2013
verkie; they are referring to using 2048 bit keys instead of 1024 bit keys. some people who believe the performance cost is worth the extra security use 3072 bit and even 4096 bit keys.

The stronger the key, the longer it takes to crack.

you might want to learn more about how this stuff works:
not rated yet Sep 09, 2013
In November 2007, Bruce Schneier wrote in Wired: "there's an even bigger stink brewing around Dual_EC_DRBG ... the algorithm contains a weakness that can only be described a backdoor" placed there by NSA.

By no stretch of the imagination am I a cybersecurity or cryptography expert, but I'd be very very leery of using elliptic curve for anything at this point.
1 / 5 (1) Sep 09, 2013
I'm planning to make a bootable DVD with SSH and a simple one-time pad program with a hashing function, and a lot of quantum-random data for the pad. Nothing can break that, but I will have to snail-mail or hand-deliver copies of it.

More news stories

Students take clot-buster for a spin

( —In the hands of some Rice University senior engineering students, a fishing rod is more than what it seems. For them, it's a way to help destroy blood clots that threaten lives.

Finnish inventor rethinks design of the axe

( —Finnish inventor Heikki Kärnä is the man behind the Vipukirves Leveraxe, which is a precision tool for splitting firewood. He designed the tool to make the job easier and more efficient, with ...

First steps towards "Experimental Literature 2.0"

As part of a student's thesis, the Laboratory of Digital Humanities at EPFL has developed an application that aims at rearranging literary works by changing their chapter order. "The human simulation" a saga ...