Re: [tor-talk] Post Quantum Tor

2018-05-28 Thread Lodewijk andré de la porte
RSA/ECDSA are both screwed.

SPHINCS seems good.

Post quantum asymcrypt doesn't seem generally ready yet, but hashes work.

2018-05-26 9:04 GMT+02:00 Jacki M:

> Here is the parent trac ticket for PQ 
> https://trac.torproject.org/projects/tor/ticket/24985
> 
>
> > On May 25, 2018, at 10:39 PM, Kevin Burress wrote:
> >
> > Hi,
> >
> > I was just wondering since the NSA has quantum computers that can break
> > ECDSA (As they have stated they could break bitcoin in an interview, and
> > telecomix unlocked Cameron's hard drive.) When is Tor going to be upgraded
> > to post quantum?
> >
> > Can we at least hack together an interleaving of RSA and ECDSA with some
> > secure number of rounds in the interim?
> > --
> > tor-talk mailing list - tor-talk@lists.torproject.org
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] Post Quantum Tor

2018-05-28 Thread Kevin Burress
S7r I generally agree with you there. There is no evidence that it has been
broken. Thus we can only go by what these agencies are saying or hinting
about their capabilities. I certainly don't think that in this case it is
required and must negotiate with post quantum cryptography, only that as a
feature a client may require that for all of their tunnels unless it is
found to be flawed.


We know that ecdsa is weak against a quantum computer, as well as rsa. The
only evidence I can provide is publicly available:
https://cointelegraph.com/news/nsa-will-not-use-quantum-computers-to-crack-bitcoin-antonopoulos

The NSA stating they could break crypto with their current tools
(specifically the weak ecdsa used for wallets) and that they won't and use
the tools for "other things" which immediately makes me think of Tor.

The only other evidence I can submit as a need to upgrade encryption in
general is the government issued that they will no longer use key lengths
below 3k rsa, and require at least 4096 for top secret information.



On Mon, May 28, 2018, 11:48 AM s7r wrote:

> Lodewijk andré de la porte wrote:
> > RSA/ECDSA are both screwed.
> >
> > SPHINCS seems good.
> >
> > Post quantum asymcrypt doesn't seem generally ready yet, but hashes work.
> >
>
> You claim this based upon what evidence? Do you have any technical
> document or citation in order to sustain your claim? I am not talking
> about something you read on an anonymous blog here. Also, which RSA?
> There is limited evidence that RSA 1024 might not be sufficient with
> current existing computing power (not even evidence, more like an
> assumption), but RSA 2048 / 4096 should be sufficient. Even for RSA
> 1024 you might need to be a real threat in order to be worth the
> resources to be spent on you.
>
> There is no evidence of ECDSA and ECDH being screwed (regardless of the
> curve used, NIST ones, cv25519, secp256k1, etc.).
>
> I understand that some might be inclined to think that everything is
> screwed, and that the NSA/CIA have the power to do anything, but there
> is no evidence to sustain such a claim. To be frank, I am very happy to
> have people like this in the community because problems might get fixed
> even before they become real problems.
>
> Everyone who correctly used encryption tools with up to date recommended
> standards was safe, the cases where it failed relied purely on human
> error, social engineering or other kind of side channel attacks. If I am
> able to spy on the passphrase of your private key (or if you have a weak
> dictionary passphrase that I can break with brute force in like 1 year)
> this does not mean I have the power to break the algorithm of your
> encryption key (RSA, ECC). Unfortunately way too many people use small,
> easy to remember passphrases (even related to their names, dates of
> birth, spouse names, pet names, etc.). A good brute force tool will take
> for example 2 years to break a relatively simple passphrase, but if fed
> with hints (names, dobs, friends, pets, places) that can be narrowed
> down exponentially to 2 months.
>
> Let's keep this discussion productive. Tor _needs_ post quantum
> resistant crypto as a _feature_, so that current traffic if captured and
> stored cannot be decrypted within reasonable time in the future. The
> time frame is variable and dependent on each case and threat model, but
> let's say like one or two decades. So, this is just an extra security
> measure Tor takes as the number one privacy tool, one that can be relied
> on.
>
> There is no evidence that quantum computers will be strong enough in 5
> or 10 years to break the current NON QUANTUM RESISTANT crypto used. At
> current moment quantum computers barely can do a square root of a two
> digit number. Also, I think it's safe to assume this type of threat is
> irrelevant if the current crypto in Tor might be broken in 100 years
> from now, because even if the subject is still alive at that moment, it
> might not matter at all.
>
> Taking the discussion just a little further, quantum computers face a
> physics problem related to time and space. A proven physics assumption
> tells us that something can only be in one place/position at a time.
> Like bits in normal computers nowadays, that can be either 0 or 1.
> Qbits have to be both at the same time. So, being a true lover of
> technology and believer, I am not stating it's impossible and it will
> never happen, but it is surely not knocking on our doors, in my opinion.
>
> Before experts struggle to answer this one, let us be productive and
> work on the proposals Nick quoted in a previous email to this thread, so
> we eliminate risk and don't have to worry if / when this becomes reality.

Re: [tor-talk] Post Quantum Tor

2018-05-28 Thread s7r
Kevin Burress wrote:
> 
> We know that ecdsa is weak against a quantum computer, as well as rsa. The
> only evidence I can provide is publicly available:
> https://cointelegraph.com/news/nsa-will-not-use-quantum-computers-to-crack-bitcoin-antonopoulos
> 

Well, with all due respect, Andreas Antonopoulos's point of view and
personal opinion cannot be counted as evidence. cointelegraph.com usually
quotes Twitter people and technology activists and stuff like this,
but when I say evidence I am thinking of technical or academic papers
describing and proving it exactly. This website is nothing like that.

In this article:
“...Do they use that to break Bitcoin? The simple answer is ‘no.’”

Hmm. Okay. Sounds like a real oracle. So we should just take that quote
and nail it to our bedroom wall and stare at it every day. But this is
worth 0 honestly.

The problem is that if the NSA could break it, so could others that have
enough incentive. Bitcoin price could be an incentive to many less
transparent governments that have funds for research and do not need to
publicly state what they are doing. So I am guessing that if it could be
done, we would see its effect.

> The NSA stating they could break crypto with their current tools
> (specifically the weak ecdsa used for wallets) and that they won't and use
> the tools for "other things" which immediately makes me think of Tor.
> 

Where did they state this exactly publicly and officially? I am just
asking, they could have stated it but I am just not aware of it and
would like to see if possible. I mean them stating it, not someone
saying hey it's me, and I know for sure the NSA can break current crypto.

> The only other evidence I can submit as a need to upgrade encryption in
> general is the government issued that they will no longer use key lengths
> below 3k rsa, and require at least 4096 for top secret information.
> 

Right. Agreed. Encryption should always be upgraded to a point that is
considered sufficient for the foreseeable future. Requiring at least rsa
4096 for top secret information means that people are taking extra
security measures and raising standards, which is very very good.


Re: [tor-talk] Post Quantum Tor

2018-05-28 Thread grarpamp
https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of-encryption-by-quantum-computers-move-your-data-today/

https://csrc.nist.gov/projects/post-quantum-cryptography
https://wikipedia.org/wiki/Post-quantum_cryptography
http://www.etsi.org/news-events/news/947-2015-03-news-etsi-launches-quantum-safe-cryptography-specification-group
http://www.pqcrypto.org/
https://ianix.com/pqcrypto/pqcrypto-deployment.html
https://pqcrypto.eu.org/
https://media.ccc.de/v/32c3-7210-pqchacks
https://github.com/zcash/zcash/issues/805


Re: [tor-talk] Post Quantum Tor

2018-05-28 Thread Kevin Burress
Now whether or not all of this power consumption is a coverup for the
quantum capabilities of the NSA is a matter of speculation, but the fact of
the matter is they are breaking encryption and they did spend $2 billion on
a datacenter for that sole purpose.

On Mon, May 28, 2018 at 11:04 PM, Kevin Burress wrote:

> Okay, a little more grounded, about the Utah datacenter in 2012:
>
> "The NSA project now aims to break the "exaflop barrier" by building a
> supercomputer a hundred times faster than the fastest existing today, the
> Japanese "K Computer." That code-breaking system is projected to use 200
> megawatts of power, about as much as would power 200,000 homes."
>
> https://www.forbes.com/sites/andygreenberg/2012/03/16/nsas-new-data-center-and-ultra-fast-supercomputer-aim-to-crack-worlds-strongest-crypto/#3d46c8f332e0
>
> On Mon, May 28, 2018 at 8:53 PM, grarpamp wrote:
>
>> https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of-encryption-by-quantum-computers-move-your-data-today/
>>
>> https://csrc.nist.gov/projects/post-quantum-cryptography
>> https://wikipedia.org/wiki/Post-quantum_cryptography
>> http://www.etsi.org/news-events/news/947-2015-03-news-etsi-launches-quantum-safe-cryptography-specification-group
>> http://www.pqcrypto.org/
>> https://ianix.com/pqcrypto/pqcrypto-deployment.html
>> https://pqcrypto.eu.org/
>> https://media.ccc.de/v/32c3-7210-pqchacks
>> https://github.com/zcash/zcash/issues/805


Re: [tor-talk] Post Quantum Tor

2018-05-28 Thread Kevin Burress
Okay, a little more grounded, about the Utah datacenter in 2012:

"The NSA project now aims to break the "exaflop barrier" by building a
supercomputer a hundred times faster than the fastest existing today, the
Japanese "K Computer." That code-breaking system is projected to use 200
megawatts of power, about as much as would power 200,000 homes."

https://www.forbes.com/sites/andygreenberg/2012/03/16/nsas-new-data-center-and-ultra-fast-supercomputer-aim-to-crack-worlds-strongest-crypto/#3d46c8f332e0

On Mon, May 28, 2018 at 8:53 PM, grarpamp wrote:

> https://www.zdnet.com/article/ibm-warns-of-instant-breaking-of-encryption-by-quantum-computers-move-your-data-today/
>
> https://csrc.nist.gov/projects/post-quantum-cryptography
> https://wikipedia.org/wiki/Post-quantum_cryptography
> http://www.etsi.org/news-events/news/947-2015-03-news-etsi-launches-quantum-safe-cryptography-specification-group
> http://www.pqcrypto.org/
> https://ianix.com/pqcrypto/pqcrypto-deployment.html
> https://pqcrypto.eu.org/
> https://media.ccc.de/v/32c3-7210-pqchacks
> https://github.com/zcash/zcash/issues/805