Showing posts with label Tor. Show all posts

Thursday, November 27, 2014

The Pando Tor conspiracy troll

Tor, also known as The Onion Router, bounces your traffic through several random Internet servers, thus hiding the source. It means you can surf a website without them knowing who you are. Your IP address may appear to be coming from Germany when in fact you live in San Francisco. When used correctly, it prevents eavesdropping by law enforcement, the NSA, and so on. It's used by people wanting to hide their actions from prying eyes, from political dissidents, to CIA operatives, to child pornographers.

Recently, Pando (an Internet infotainment site) released a story accusing Tor of being some sort of government conspiracy.

This is nonsense, of course. Pando's tell-all exposé of the conspiracy contains nothing that isn't already widely known. We in the community have long joked about this. We often pretend there is a conspiracy in order to annoy uptight Tor activists like Jacob Appelbaum, but we know there isn't any truth to it. This really annoys me -- how can I troll about Tor's government connections when Pando claims there's actually truth to the conspiracy?

The military and government throw research money around with reckless abandon. That no more means they created Tor than it means they created the Internet back in the 1970s. A lot of that research is pure research, intended to help people. Not everything the military funds is designed to kill people.

There is no single "government". We know, for example, that while some in government paid Jacob Appelbaum's salary, others investigated him for his Wikileaks connections. Different groups are often working at cross purposes -- even within a single department.

A lot of people have ties to the government, including working for the NSA. The NSA isn't some secret police designed to spy on Americans, so a lot of former NSA employees aren't people who want to bust privacy. Instead, most NSA employees are sincere in making the world a better place -- which includes preventing evil governments from spying on dissidents. As Snowden himself says, the NSA is full of honest people doing good work for good reasons. (That they've overstepped their bounds is a problem -- but that doesn't mean they are the devil).

Tor is based on open code and math. It really doesn't matter what conspiracy lies behind it, because we can see the code. It's like Bitcoin -- we know there is a secret conspiracy behind it, with the secretive Satoshi Nakamoto owning a billion dollars worth of the coins. But that still doesn't shake our faith in the code and the math.

Dissidents use Tor -- successfully. We know that because the dissidents are still alive. Even if it's a secret conspiracy by the U.S. government, it still does what its supporters want, helping dissidents fight oppressive regimes. In any case, Edward Snowden, who had access to NSA secrets, trusts his own life to Tor.

Tor doesn't work by magic. I mention this because the Pando article lists lots of cases where Tor failed to protect people. The reasons were unlikely to have been flaws in Tor itself, but appear to have been other more natural causes. For example, the Silk Road server configuration proves it was open to the Internet as well as through Tor, a rookie mistake that revealed its location. The perfect concealment system can't work if you sometimes ignore it. It's like blaming the Pill for not preventing pregnancy because you took it only on some days but not others. Thus, for those of us who know technically how things work, none of the cases cited by Pando shake our trust in Tor.

I'm reasonably technical. I've read the Tor spec (though not the code). I play with things like hostile exit nodes. I fully know Tor's history and ties to the government. I find nothing in the Pando article that is credible, and much that is laughable. I suppose I'm guilty of getting trolled by this guy, but seriously, Pando pretends not to be a bunch of trolls, so maybe this deserves a response.

Thursday, July 03, 2014

XKeyScore: it's not attacking Tor

The latest Jacob Appelbaum story is, as usual, activist garbage. The underlying technical information is solid, but their conclusions are completely unwarranted.

The story starts by claiming that two German Tor servers are "under surveillance by the NSA". That implies the NSA has installed a wiretap monitoring all traffic going to/from those servers. That's not what the evidence shows. Instead, the deal is that the wiretaps exist elsewhere in the world, such as Pakistan or Iran. The NSA wants to find users in those countries who connect to Tor. It's those people the NSA is surveilling. The same argument applies to the MixMinion server: the NSA isn't "tracking all connections" to the server as the story claims -- just ones that originate from the targets under surveillance, in order to find out information about those targets.

Friday, September 06, 2013

Tor is still DHE 1024 (NSA crackable)

After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024-bit RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips; it has fairly public deals with IBM foundries to build them.

The problem with Tor is that it still uses these 1024-bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor use keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.

You can see this for yourself by going to a live listing of Tor servers, like http://torstatus.blutmagie.de/. Only 10% of the servers have upgraded to version 2.4.

Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software. Here's a list of the counts:

14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

The older software negotiates DHE, meaning 1024-bit Diffie-Hellman keys. The newer software chooses ECDHE, meaning elliptic-curve keys. I show the raw data because I'm confused by the last entry: I'm not sure how the software might negotiate ECDHE+3DES, it seems like a lulz-worthy combination (not that it's insecure -- just odd). Those selecting DHE+3DES are also really old, I think. I don't know enough about Tor, but I suspect anything using DHE+3DES is likely more than 5 years old.

(By the way, I used my Ferret tool to generate this, typing "ferret suites -r ".)
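As an added example (not the author's Ferret tool or any Tor code), here is a script that parses listings in the two formats shown on this page, classifies each suite by its key-exchange method, and computes the share of connections on ECDHE versus DHE, reproducing the roughly 24% figure from the incoming counts above. The sample lines are copied from the listings on this page; a row with a missing description is classified as "unknown" rather than guessed.

```python
import re
from collections import Counter

# Sample input copied from the post's incoming-connection listing.
INCOMING = """\
14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
 5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
 2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
  905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
    1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
"""

# A few rows in the second (outgoing) format, including the header line
# and the row whose description is missing on the page.
OUTGOING_SAMPLE = """\
      count  suite - description
      39611 0x0005 - TLS_RSA_WITH_RC4_128_SHA
      14569 0xc011 - TLS_ECDHE_RSA_WITH_RC4_128_SHA
         83 0x009f -
"""

# Accepts "COUNT -- 0xHHHH NAME" and "COUNT 0xHHHH - NAME" (NAME may be empty).
LINE = re.compile(r"^\s*(\d+)\s+(?:--\s+)?(0x[0-9a-fA-F]{4})\s*(?:-\s*)?(\S*)\s*$")


def parse_listing(text):
    """Return (count, suite_id, suite_name) tuples; header/blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return rows


def key_exchange(suite_name):
    """Classify by the key-exchange prefix of the IANA suite name.
    In the post's context, DHE on old Tor means 1024-bit Diffie-Hellman."""
    if not suite_name:
        return "unknown"
    for kex in ("ECDHE", "DHE", "RSA"):
        if suite_name.startswith("TLS_" + kex + "_"):
            return kex
    return "other"


def kex_shares(text):
    """Percentage of connections per key-exchange method, rounded to 0.1."""
    totals = Counter()
    for count, _, name in parse_listing(text):
        totals[key_exchange(name)] += count
    total = sum(totals.values())
    return {k: round(100.0 * v / total, 1) for k, v in totals.items()} if total else {}
```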

The reason software is out of date is that it takes a long time for repositories to be updated. If you type "apt-get install tor" on a Debian/Ubuntu computer, you get the 2.3 version. And this is what pops up as the suggestion of what you should do when you go to the Tor website. Sure, it warns you that the software might be out-of-date, but it doesn't do a good job pointing out that it's almost a year out of date, and that the crypto the older version is using is believed to be crackable by the NSA.

Of course, this is still just guessing about the NSA's capabilities. As it turns out, the newer elliptic-curve keys may turn out to be relatively easier to crack than people thought, meaning that the older software may in fact be more secure. But since 1024-bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, that the NSA is best at cracking.

Therefore, I'd suggest that the Tor community do a better job getting people to upgrade to 2.4. Old servers with crackable crypto, combined with the likelihood that the NSA runs hostile Tor nodes, make upgrading much more important.

Update: The above list are the incoming connections from other Tor servers. The following is a list of outgoing connections (since this is an exit node). This has nothing to do with the above discussion, I just include it here for completeness.

      count  suite - description
      39611 0x0005 - TLS_RSA_WITH_RC4_128_SHA
      30138 0x0035 - TLS_RSA_WITH_AES_256_CBC_SHA
      14569 0xc011 - TLS_ECDHE_RSA_WITH_RC4_128_SHA
      10043 0x0004 - TLS_RSA_WITH_RC4_128_MD5
       8576 0xc007 - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
       7100 0x0039 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
       4081 0x002f - TLS_RSA_WITH_AES_128_CBC_SHA
       2077 0xc014 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
       1900 0x0088 - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
       1090 0x0084 - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
        481 0xc013 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
        337 0x000a - TLS_RSA_WITH_3DES_EDE_CBC_SHA
        102 0xc009 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
        101 0x0016 - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
         83 0x009f -
         78 0xc030 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
         35 0xc02f - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
         16 0x0033 - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
          6 0x003d - TLS_RSA_WITH_AES_256_CBC_SHA256
          6 0xc028 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384

Tuesday, August 06, 2013

Anonymity Smackdown: NSA vs. Tor

In recent news, Tor was hacked -- kinda. A guy hosting hidden services was arrested (with help from FBI), and his servers changed to deliver malware to expose user IP addresses (with help from NSA). This makes us ask: given all the recent revelations about the NSA, how secure is Tor at protecting our privacy and anonymity?

The answer is "not very". Tor has many weaknesses, especially the "Tor Browser Bundle". Experts might be able to protect their privacy with Tor against the NSA, but the casual user probably can't. I'm going to describe some of the reasons here.