http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
If the NSA intercepted all Tor traffic, how fast could they decrypt it? What
are
they up against when trying to break Tor?
___
tor-talk mailing list
tor-talk@lists.torproject.org
https://li
ill really try not to go conspiracy crazy... but that is always a risk
when discussing the NSA on this list :)
if they intercepted everything, there wont be much of a need to decrypt it.
they could watch it going in plaintext to the exit nodes, and use timing attacks and get a pretty good
sense
The bigger the key is, the longer (cpu cycle) it take to encrypt/decrypt ?
Le jeudi 4 avril 2013, Bernard Tyers a écrit :
> Hi,
>
> Is there a reason 1024 bit keys, instead of something higher is not used?
> Do higher bit keys affect host performance, or network latency?
>
>
> Thanks,
> Bernard
>
Hi,
Is there a reason 1024 bit keys, instead of something higher is not used? Do
higher bit keys affect host performance, or network latency?
Thanks,
Bernard
Written on my small electric gadget. Please excuse brevity and (probable)
misspelling.
George Torwell wrote:
a second guess wo
My guess is that the Key size is configured right into the node's source
code.
If you apply multiple key size accross the network, you're exposed with the
smallest encryption key of the circuit.
Except for one thing : if somebody can break one of the circuit's key,
depending of the node number into
That's what I was thinking, I just didn't know if there was another reasons.
I guess the key size is configured on the Tor node? I haven't found it anywhere
in the configuration (I'm using TBB on OS X).
Is it possible to increase the size of the key, if say I've got a big server
running as a no
i may be wrong but:
- we are talking about keys of every node along the path. how can you
increase that just locally?
- keep in mind that we dont know if factoring such a key is likely, if i
remember correctly that talk mentioned huge amounts of computation power
and electricity.
something like
On Thu, Apr 4, 2013 at 5:51 AM, Bernard Tyers wrote:
> Hi,
>
> Is there a reason 1024 bit keys, instead of something higher is not used? Do
> higher bit keys affect host performance, or network latency?
Because in 2003/2004, when we were designing Tor, 1024-bit keys seemed
like they would probab
One ask triggering another :
How do you do a timing attack ? What are the necessary steps to be
successfull in such a thing ? Where can i find some documented timing
attack scenario ?
2013/4/4 Alexandre Guillioud
> My guess is that the Key size is configured right into the node's source
> code.
I may be wrong, but i take for true that NSA as 10 to 30 years advance on
maths and cryptographic méthod.
Le jeudi 4 avril 2013, George Torwell a écrit :
> i may be wrong but:
> - we are talking about keys of every node along the path. how can you
> increase that just locally?
> - keep in mind t
On Thursday, April 04, 2013 10:51:50 Bernard Tyers wrote:
> Hi,
>
> Is there a reason 1024 bit keys, instead of something higher is not used? Do
> higher bit keys affect host performance, or network latency?
Are you talking about the onion key or the identity key? What about the key
exchange use
So, if you're paranoïd, or doing something where paranoïd behavior is
requested, use a vpn inside and outside tor.
Use linked proxy's on top of this. You'll be fine.
2013/4/4 Alexandre Guillioud
> I may be wrong, but i take for true that NSA as 10 to 30 years advance on
> maths and cryptographi
On Thu, Apr 4, 2013 at 2:06 PM, Alexandre Guillioud <
guillioud.alexan...@gmail.com> wrote:
> So, if you're paranoïd, or doing something where paranoïd behavior is
> requested, use a vpn inside and outside tor.
> Use linked proxy's on top of this. You'll be fine.
>
could you elaborate on this a b
I'm in a hurry so, i describe a little scenario :
+ Launch a vpn/ssh tunnel service, and secure bind privoxy/proxifier into
it. (this one is for scrambling, linearising data)
+ Launch a system like Privoxy and/or Proxifier
++ Bind several linked proxy (your data will pass thru each of them)
+ Laun
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
i wasnt going to, but now i have to...
i dont know what tech or knowledge they have.
but i imagine that if you angered them, and they wanted your keys, they
would come and get them.
physically or electronically.
so lets not speculate :)
i have a l
Why not using some exotic scramble of keys/method to encrypt the whole
message ?
The only way to hide/protect us from something we don't know, is putting a
mess in protocols. A big mess.
The point is : How can we unscramble it at the end without revealing the
secret necessary to scramble it ?
Guy
One thing i forgot.. The last vpn/ssh tunnel need to be totally secure.
Basically, you need your personnal anon server to do that. If you can't
handle your own service, you'll better stay with tor as the last system in
the pile.
2013/4/4 Alexandre Guillioud
> I'm in a hurry so, i describe a lit
Just saying TOR was created by the Naval Research Laboratory a part of
DARPA. Since it's inception they could index, spider and track the dark
net.
On Thu, Apr 4, 2013 at 1:08 PM, grarpamp wrote:
> > Guys, if you are in trouble with NSA, or other US governmentals agency,
> > you're screwed. Phy
> ill really try not to go conspiracy crazy... but that is always a risk
...
> there is also a video on youtube from a recent con about the feasibility of
> factoring them, <"fast hacks" or something like that>
There are always rational analyses that can be made.
Many analysts think of the availa
> Guys, if you are in trouble with NSA, or other US governmentals agency,
> you're screwed. Physically. Don't mind your electronical com'.
Very good calibration sir :)
And come to think of it, being in such trouble might not be so bad,
you might find yourself with a lucrative job offer you can't r
On 04/04/2013 08:25 PM, Christopher Walters wrote:
> On Wed, 03 Apr 2013 23:38:40 -0400
> cmeclax wrote:
>
>> http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
>> If the NSA intercepted all Tor traffic, how fast could they decrypt
>> it? What are they up against when trying to break
On Wed, 03 Apr 2013 23:38:40 -0400
cmeclax wrote:
> http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
> If the NSA intercepted all Tor traffic, how fast could they decrypt
> it? What are they up against when trying to break Tor?
Wouldn't this question be more appropriate for a cryp
Could the government spider .onions just as Google spiders the web? Of
course. But the assertion that hidden services have been compromised as
a concept is plain wrong.
Jacob Henner
On 04/04/2013 01:55 PM, Gregory Disney wrote:
> Just saying TOR was created by the Naval Research Laboratory a part
*sigh* at the risk that I am feeding a troll rather than helping
someone wellmeaning but misinformed and the hope that some will find
these points useful despite their having been made many times before:
1. Tor not TOR (See
https://www.torproject.org/docs/faq.html.en#WhyCalledTor )
2. was cre
You can't say how long they need to decrypt anything as long as you don't know
which hardware and supercomputers the NSA exactly uses. And we will never know
more than gossip.
-Original Message-
From: Christopher Walters
Date: Thu, 4 Apr 2013 20:25:17
To:
Subject: Re: [tor
On Thu, Apr 04, 2013 at 01:55:40PM -0400, Gregory Disney wrote:
> Just saying TOR was created by the Naval Research Laboratory a part of
The name's Tor, not TOR.
> DARPA. Since it's inception they could index, spider and track the dark
> net.
___
tor-ta
I would love to see an analysis of a 128 bit AES encryption VS a 10 exoflop
computer. How long to crack it? Anyone got the math on this?
Andreas, your absolutely right, However we can do some estimating.
Just keep in mind... garbage in, garbage out.. but this is a pretty good
guess.
So the fast
timate how this possibly influences the decryption
> of different ciphers?
>
> Andreas
> -Original Message-
> From: Andrew F
> Date: Fri, 5 Apr 2013 13:51:06
> To:
> Subject: Re: [tor-talk] NSA supercomputer
>
>
> I would love to see an analysis of a
Some days ago I read that the first usable Quantumcomputing System is on the
market. Can some estimate how this possibly influences the decryption of
different ciphers?
Andreas
-Original Message-
From: Andrew F
Date: Fri, 5 Apr 2013 13:51:06
To:
Subject: Re: [tor-talk] NSA
Gregory Disney wrote:
> Just saying TOR was created by the Naval Research Laboratory a part of
> DARPA. Since it's inception they could index, spider and track the dark
> net.
The Naval Research Lab didn't "create" Tor, unless you think that grant
money is physically capable of writing code.
R
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 5 Apr 2013, at 19:01, Andrew F wrote:
> The
> speaker said that the gov was storing encrypted messages that have been
> intercepted from critical sources in hopes that quantum computing will
> allow them to crack the encryptions eventually.
But b
fferent ciphers?
>>
>> Andreas
>> -Original Message-----
>> From: Andrew F
>> Date: Fri, 5 Apr 2013 13:51:06
>> To:
>> Subject: Re: [tor-talk] NSA supercomputer
>>
>>
>> I would love to see an analysis of a 128 bit AES encryption VS
George, thank for posting. And perhaps you should read a little closer
before you get critical
I posted this question at the top of my post because I was looking for
someone like you, (well a little nicer) to help us with the math.
Also, I was only restating lectures that I have heard over the
On 04/05/2013 01:01 PM, Andrew F wrote:
>
> Basically he said that with quantum computing all bets are off and every
> cipher today will likely be cracked. Quantum computing will require new
> kinds of ciphers and only those with Qcomputers will be able to decrypt the
> messages.
Not entirely cor
On Fri, Apr 5, 2013 at 6:51 AM, Andrew F wrote:
> I would love to see an analysis of a 128 bit AES encryption VS a 10 exoflop
> computer. How long to crack it? Anyone got the math on this?
[...]
> So what does this mean? Any article that suggest that brute forcing
> present day encryption is no
Anthony, good point. And worth a lot more then $0.02
Thanks Seth excellent write up. I will have to brake out the sci
calculator and run some number.
I know the flops issue is a big one, but thats the only measure I could
find for the big system in Utah.
However, your point is well taken. No w
Andrew F writes:
> So lets look at this from another view. How fast does a computer have to
> be to fully bruit force a 64,128,256 key? ZettaFlops? YottaFlops?
> http://en.wikipedia.org/wiki/Flops Lets assume a classical
> computer.
>
> George, crankup that abacus of yours and let u
Seth David Schoen writes:
> the number of decryptions attempted by a brute force search is given by
>
> decryptions = speed × elapsed time
More generally,
things = things/moment × moments
--
Seth Schoen
Senior Staff Technologist https://www.eff.org/
Electronic Frontier
> Guys, if you are in trouble with NSA, or other US governmentals agency,
> you're screwed. Physically. Don't mind your electronical com'.
totally agree.
http://www.theregister.co.uk/2013/03/29/fbi_stingray_mobile_tracking/
--
[]s Fosforo
On Fri, Apr 05, 2013 at 04:45:57PM -0700, Andrea Shepard wrote:
> [1] Since you can test whether a key is correct in polynomial time using two
> blocks of ciphertext, search for keys is in NP and being able to rigorously
> prove security for a block cipher would imply P != NP as a corollary.
Apolo
Andrew F writes:
> You know, if anyone has an Nvidia Xk20 and an AMD 16 core working together,
> we could test on a small scale and then extrapolate from there, get an
> estimate of efficiency per second and do the calculations. If anyone wants
> to mess around with it and has the hardware... :-
On Fri, Apr 05, 2013 at 01:51:06PM +, Andrew F wrote:
> I would love to see an analysis of a 128 bit AES encryption VS a 10 exoflop
> computer. How long to crack it? Anyone got the math on this?
>
> Andreas, your absolutely right, However we can do some estimating.
> Just keep in mind... garb
Anthony Papillion wrote:
. Granted, quantum computing
will shred most (all?) of the ciphers we currently use.
Which actually is a bit sad, cause RSA appears to be replaceable
Latice-based cryptography:
https://en.wikipedia.org/wiki/Lattice_based_cryptography
As the article says though one n
On Fri, Apr 05, 2013 at 03:28:49PM -0400, Griffin Boyce wrote:
> Gregory Disney wrote:
>
> > Just saying TOR was created by the Naval Research Laboratory a part of
> > DARPA. Since it's inception they could index, spider and track the dark
> > net.
>
>
> The Naval Research Lab didn't "create" T
On Thursday, April 04, 2013 08:17:29 Nick Mathewson wrote:
> On Thu, Apr 4, 2013 at 5:51 AM, Bernard Tyers wrote:
> > Hi,
> >
> > Is there a reason 1024 bit keys, instead of something higher is not used?
> > Do higher bit keys affect host performance, or network latency?
> Because in 2003/2004, w
On Sat, 6 Apr 2013 23:54:34 -0400
cmeclax wrote:
> *The NSA runs a Tor relay called Eve. It's picked as the rendezvous point for
> a hidden service. Can Eve read the plaintext?
No.
Encryption with HS is end-to-end in any case.
Eve cannot reroute data to fake HS without knowledge of onion ide
Paul Syverson wrote:
> Lots of people with lots of different employers, funders, affiliations,
>
etc. have contributed. Whether they were employees or contractors
>
of the Tor Project, Inc., they were all part of the Tor Project.
>
> aloha,
> Paul
Interesting! I actually did not know most of
Thus spake cmeclax (cmeclax-sa...@ixazon.dynip.com):
> On Thursday, April 04, 2013 08:17:29 Nick Mathewson wrote:
> > On Thu, Apr 4, 2013 at 5:51 AM, Bernard Tyers wrote:
> > > Hi,
> > >
> > > Is there a reason 1024 bit keys, instead of something higher is not used?
> > > Do higher bit keys affe
Thus spake unknown (unkn...@pgpru.com):
> On Sat, 6 Apr 2013 23:54:34 -0400 cmeclax
> wrote:
>
>
> > *The NSA runs a Tor relay called Eve. It's picked as the rendezvous
> > point for a hidden service. Can Eve read the plaintext?
>
> No. Encryption with HS is end-to-end in any case. Eve cann
> Paul Syverson wrote:
[... some history of Tor ...]
The posts regarding this history are useful for the historical perspective
and could be put on the website. Then anyone asking can simply be
pointed there, including trolls. Ultimately, Tor is open and of a reasonably
simple and documented desi
On Sun, Apr 07, 2013 at 04:30:34PM -0400, Griffin Boyce wrote:
> Paul Syverson wrote:
>
> > Lots of people with lots of different employers, funders, affiliations,
> >
> etc. have contributed. Whether they were employees or contractors
> >
> of the Tor Project, Inc., they were all part of the Tor
On Mon, Apr 08, 2013 at 01:42:39AM -0400, grarpamp wrote:
> > Paul Syverson wrote:
>
> [... some history of Tor ...]
>
> The posts regarding this history are useful for the historical perspective
> and could be put on the website. Then anyone asking can simply be
> pointed there, including trolls
On Mon, 8 Apr 2013 09:00:00 -0400
Paul Syverson wrote:
> http://www.onion-router.net/History.html
>
> covers what I said and then some, basically gives a brief history
> roughly 1995-2005. Althought the site seems to be down right now.
Maybe the Navy is blocking it. Site has 100% uptime since mi
Paul Syverson:
> http://www.onion-router.net/History.html
>
> covers what I said and then some, basically gives a brief history
> roughly 1995-2005. Althought the site seems to be down right now.
How long will that page be available anyway?
___
tor-talk
On Sun, Apr 7, 2013 at 4:31 PM, Mike Perry wrote:
> However, it would be interesting to have some benchmarks for high-bit
> ECC implementations. It seems to me they should still be faster than
> modular exponentiation at the same bitwidth, no?
For signing, — If you are willing to have large amoun
On Mon, Apr 08, 2013 at 03:12:51PM -0400, Andrew Lewman wrote:
> On Mon, 8 Apr 2013 09:00:00 -0400
> Paul Syverson wrote:
> > http://www.onion-router.net/History.html
> >
> > covers what I said and then some, basically gives a brief history
> > roughly 1995-2005. Althought the site seems to be do
On Mon, 08 Apr 2013 19:20:02 +
adrelanos wrote:
> Paul Syverson:
> > http://www.onion-router.net/History.html
> >
> > covers what I said and then some, basically gives a brief history
> > roughly 1995-2005. Althought the site seems to be down right now.
>
> How long will that page be availa
FYI, 2011 AES cracked... Sorta. 4 time faster but still takes 2
billion years.
"To put this into perspective: on a trillion machines, that each could test
a billion keys per second, it would take more than two billion years to
recover an AES-128 key," the Leuven University researcher added.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2013 04:25 PM, Christopher Walters wrote:
> As for the NSA, they closely guard how many supercomputers they
> have and how many they use for decryption. However, if you are on
> their
In 1999 and 1998 the Pittsburgh Supercomputing Center (p
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/04/2013 06:05 PM, Jacob Henner wrote:
> Could the government spider .onions just as Google spiders the web?
> Of course. But the assertion that hidden services have been
> compromised as a concept is plain wrong.
Exactly. There is no reason tha
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 04/05/2013 02:01 PM, Andrew F wrote:
> Basically he said that with quantum computing all bets are off and
> every cipher today will likely be cracked. Quantum computing will
> require new kinds of ciphers and only those with Qcomputers will be
> ab
I know a chip designer who explained to me that when they are testing chips
for functionality, workability and general integrity, they will run test
chips on a wafer. So while expensive, it is possible to do short runs on
custom cpu's. Test runs happen everyday at every foundry. It is
completel
> infrastructure for supercomputing is immense, and very visible in the
> sense of taking up a lot of space as well as power requirements.
> Those facilities would stick out a country mile, and should be fairly
> easy to spot, leading to more focused speculation if nothing else.
>
> I read in a cou
Cheating is always easier. What about discouraging the number of exit
routers and salting the network with compromised servers? That could and
probably already has been done.. So cracking tor becomes relatively trivial
from a government standpoint should they decide it is needed.
Now about messa
On 12.04.2013 20:11, grarpamp wrote:
The US does now disclose the aggregate budgets for DoD, DHS, and
intel services under which NSA falls as a non line item. A search will
yield analyst estimates of the actual black amounts, etc. There's even
big wall posters for it all. No budget can exceed tax
> Oh! The Romantic Life of a Beancounter.
> How about The Politics of Heroin in Southeast Asia? Does that get listed in
> the Congress debate for budget?
Ever see Indiana Jones? Somewhere in that giant warehouse
is the answer you seek. Bring your beancounters and be sure
to pack a lunch :) Suffice
On 19.04.2013 16:43, grarpamp wrote:
Oh! The Romantic Life of a Beancounter.
How about The Politics of Heroin in Southeast Asia? Does that get listed in
the Congress debate for budget?
Ever see Indiana Jones? Somewhere in that giant warehouse
is the answer you seek. Bring your beancounters and
How about he BSD license?
On Fri, Apr 19, 2013 at 11:28 AM, NoName wrote:
> On 19.04.2013 16:43, grarpamp wrote:
>
>> Oh! The Romantic Life of a Beancounter.
>>> How about The Politics of Heroin in Southeast Asia? Does that get listed
>>> in
>>> the Congress debate for budget?
>>>
>>
>> Ever se
68 matches
Mail list logo
