Like many programmers, one of the things I like to do is design my own crypto algorithms. Specifically, at the heart of my port-scanner masscan is a cryptographic algorithm for randomizing IP addresses and port numbers.
This algorithm has flaws. Well, it's good enough for port scanning, but it's not cryptographically secure. In this post, I describe how to graph stuff so that these flaws can be detected. Update: I added a second nmap sample to compare against.
Showing posts with label crypto. Show all posts
Tuesday, December 31, 2013
Friday, September 06, 2013
Tor is still DHE 1024 (NSA crackable)
After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.
The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor use keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.
You can see this for yourself by going to a live listing of Tor servers, like http://torstatus.blutmagie.de/. Only 10% of the servers have upgraded to version 2.4.
Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software. Here's a list of the counts:
14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
The older software negotiates "DHE", which are 1024 bit Diffie-Hellman keys. The newer software chooses ECDHE, which are Elliptical-Curve keys. I show the raw data because I'm confused by the last entry, I'm not sure how the software might negotiate ECDHE+3DES, it seems like a lulz-worthy combination (not that it's insecure -- just odd). Those selecting DHE+3DES are also really old I think. I don't know enough about Tor, but I suspect anything using DHE+3DES is likely more than 5 years old.
(By the way, I used my Ferret tool to generate this, typing "ferret suites -r ".)
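The "about 24%" figure can be re-derived by grouping each negotiated suite by its key-exchange family. This is an added example, not code from the post or from Ferret; the function names are made up here, and the data is the incoming list copied from above.

```python
import re
from collections import Counter

# Incoming-connection counts, copied from the list in the post.
INCOMING = """\
14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
"""

# Accepts both layouts used on this page:
#   "count -- 0xNNNN NAME"   and   "count 0xNNNN - NAME"
LINE = re.compile(
    r"^\s*(\d+)\s+(?:--\s+)?(0x[0-9a-fA-F]{4})(?:\s+-)?\s*(\S*)\s*$")

def key_exchange(name):
    """Return the key-exchange family encoded in an IANA suite name."""
    if not name.startswith("TLS_"):
        return "unknown"              # a line whose description is blank
    kx = name[4:].split("_WITH_")[0]  # "DHE_RSA", "ECDHE_ECDSA", "RSA", ...
    first = kx.split("_")[0]
    return first if first in ("DHE", "ECDHE", "RSA") else "other"

def tally(text):
    """Sum connection counts per key-exchange family; skip non-data lines."""
    totals = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            totals[key_exchange(m.group(3))] += int(m.group(1))
    return totals

def share(totals, family):
    """Percentage of all counted connections that negotiated `family`."""
    total = sum(totals.values())
    return 100.0 * totals[family] / total if total else 0.0

if __name__ == "__main__":
    t = tally(INCOMING)
    for fam, n in t.most_common():
        print(f"{fam:8} {n:6} {share(t, fam):5.1f}%")
```

Lines whose description column is empty are counted under "unknown" rather than guessed at.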
The reason software is out of date is because it takes a long time for repositories to be updated. If you type "apt-get install tor" on a Debian/Ubuntu computer, you get the 2.3 version. And this is what pops up as the suggestion of what you should do when you go to the Tor website. Sure, it warns you that the software might be out-of-date, but it doesn't do a good job pointing out that it's almost a year out of date, and the crypto the older version is using is believed to be crackable by the NSA.
Of course, this is still just guessing about the NSA's capabilities. As it turns out, the newer Elliptical keys may turn out to be relatively easier to crack than people thought, meaning that the older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, that the NSA is best at cracking.
Therefore, I'd suggest that the Tor community do a better job getting people to upgrade to 2.4. Old servers with crackable crypto, combined with the likelihood the NSA runs hostile Tor nodes, means that it's of much greater importance.
Update: The above list shows the incoming connections from other Tor servers. The following is a list of outgoing connections (since this is an exit node). This has nothing to do with the above discussion, I just include it here for completeness.
count suite - description
39611 0x0005 - TLS_RSA_WITH_RC4_128_SHA
30138 0x0035 - TLS_RSA_WITH_AES_256_CBC_SHA
14569 0xc011 - TLS_ECDHE_RSA_WITH_RC4_128_SHA
10043 0x0004 - TLS_RSA_WITH_RC4_128_MD5
8576 0xc007 - TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
7100 0x0039 - TLS_DHE_RSA_WITH_AES_256_CBC_SHA
4081 0x002f - TLS_RSA_WITH_AES_128_CBC_SHA
2077 0xc014 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
1900 0x0088 - TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
1090 0x0084 - TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
481 0xc013 - TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
337 0x000a - TLS_RSA_WITH_3DES_EDE_CBC_SHA
102 0xc009 - TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
101 0x0016 - TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
83 0x009f -
78 0xc030 - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
35 0xc02f - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
16 0x0033 - TLS_DHE_RSA_WITH_AES_128_CBC_SHA
6 0x003d - TLS_RSA_WITH_AES_256_CBC_SHA256
6 0xc028 - TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Tuesday, August 06, 2013
Anonymity Smackdown: NSA vs. Tor
In recent news, Tor was hacked -- kinda. A guy hosting hidden services was arrested (with help from FBI), and his servers changed to deliver malware to expose user IP addresses (with help from NSA). This makes us ask: given all the recent revelations about the NSA, how secure is Tor at protecting our privacy and anonymity?
The answer is "not very". Tor has many weaknesses, especially the "Tor Browser Bundle". Experts might be able to protect their privacy with Tor against the NSA, but the casual user probably can't. I'm going to describe some of the reasons here.
Thursday, May 30, 2013
BitCoin is a public ledger
BitCoin is not so much a "currency" as an "emergent phenomenon". It makes things possible that have nothing to do with money.
For example, let’s say that you have a screen-play for a movie. Before shopping it around in Hollywood, you want to prove that it’s yours, so that a greedy producer can't steal it. Using BitCoin, you can add the signature (and date) of your screen-play to the "block chain", the "public ledger" where all Bitcoin transactions are stored. Now, if producers get greedy, you can (in theory) pull out this proof in a court and sue them.
As another example, let’s say that you have a great idea for a patent, but it’s not quite ready. Well, write it up into a file, then add the file’s signature to the block chain. Years from now, if somebody beats you to the patent filing, you can prove that you had the idea ahead of time.
You don’t need to really know how this works. There’s a website called http://proofofexistence.com that takes care of this for you. Put whatever it is you want in a file, then sign the file using that site. Years from now, you can prove to somebody then that this file existed right now, today.
This is just one example of many emergent phenomena popping up around BitCoin. It’s not just about electronic currency, it’s about a lot of weird crypto concepts.
Wednesday, March 21, 2007
Cracking...
http://en.epochtimes.com/tools/printer.asp?id=50336
MD5, HAVAL-128, MD4, RIPEMD, and now SHA-1
That's pretty awesome!
Thursday, January 04, 2007
George Ou scores!
http://blogs.zdnet.com/Ou/?p=400
George is awesome because he is by far one of the most technical reporters I have ever talked to. It's not often you find a reporter you can walk through a vulnerability and they make suggestions on areas to research. George is great like that. Now he is talking to the former chief scientist of the NSA. Folks, this is a must read, I encourage you to post questions as well that George can get answered.
