ande

Tor is still DHE 1024 (NSA crackable)

After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break. But everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys. Assuming no "breakthroughs", the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they've got fairly public deals with IBM foundries to build chips.

The problem with Tor is that it still uses these 1024 bit keys for much of its crypto, particularly because most people are still using older versions of the software. The older 2.3 versions of Tor use keys the NSA can crack, but few have upgraded to the newer 2.4 version with better keys.

You can see this for yourself by going to a live listing of Tor servers, like http://torstatus.blutmagie.de/. Only 10% of the servers have upgraded to version 2.4.

Recently, I ran a "hostile" exit node and recorded the encryption negotiated by incoming connections (the external link encryption, not the internal circuits). This tells me whether they are using the newer or older software. Only about 24% of incoming connections were using the newer software. Here's a list of the counts:

14134 -- 0x0039 TLS_DHE_RSA_WITH_AES_256_CBC_SHA
5566 -- 0xc013 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
2314 -- 0x0016 TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
905 -- 0x0033 TLS_DHE_RSA_WITH_AES_128_CBC_SHA
1 -- 0xc012 TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA

The older software negotiates "DHE", which are 1024 bit Diffie-Hellman keys. The newer software chooses ECDHE, which are Elliptical-Curve keys. I show the raw data because I'm confused by the last entry, I'm not sure how the software might negotiate ECDHE+3DES, it seems like a lulz-worthy combination (not that it's insecure -- just odd). Those selecting DHE+3DES are also really old I think. I don't know enough about Tor, but I suspect anything using DHE+3DES is likely more than 5 years old.

(By the way, I used my Ferret tool to generate this, typing "ferret suites -r ".)

The reason software is out of date is because it takes a long time for repositories to be updated. If you type "apt-get install tor" on a Debian/Ubuntu computer, you get the 2.3 version. And this is what pops up as the suggestion of what you should do when you go to the Tor website. Sure, it warns you that the software might be out-of-date, but it doesn't do a good job pointing out that it's almost a year out of date, and the crypto the older version is using is believed to be crackable by the NSA.

Of course, this is still just guessing about the NSA's capabilities. As it turns out, the newer Elliptical keys may turn out to be relatively easier to crack than people thought, meaning that the older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I'd assume that it's that, rather than curves, that the NSA is best at cracking.

Therefore, I'd suggest that the Tor community do a better job getting people to upgrade to 2.4. Old servers with crackable crypto, combined with the likelihood the NSA runs hostile Tor nodes, means that it's of much greater importance.

by Robert Graham from Errata Security


The feds pay for 60 percent of Tor’s development. Can users trust it?

This week, we learned that the NSA had managed to circumvent much of the encryption that secures online financial transactions and other activities we take for granted on the Internet. How? By inserting backdoors into the very commercial software designed to keep sensitive medical records, bank files and other information private.

The NSA’s sustained attempt to get around encryption calls into question many of the technologies people have come to rely on to avoid surveillance. One indispensable tool is Tor, the anonymizing service that takes a user’s Internet traffic and spits it out from some other place on the Web so that its origin is obscured.

So far there’s no hard evidence that the government has compromised the anonymity of Tor traffic. But some on a Tor-related e-mail list recently pointed out that a substantial chunk of the Tor Project’s 2012 operating budget came from the Department of Defense, which houses the NSA.

Screen_Shot_2013_09_06_at_3_04_51_PM.png


Last year, DoD funding accounted for more than 40 percent of the Tor Project’s $2 million budget. Other major donors include the U.S. State Department, which has an interest in promoting Internet freedom globally, and the National Science Foundation. Add up all those sources, and the government covers 60 percent of the costs of Tor’s development.

Tor Executive Director Andrew Lewman wrote in an e-mail to users that just because the project accepts federal funding does not mean it collaborated with the NSA to unmask people’s online identities.

“The parts of the U.S. and Swedish governments that fund us through contracts want to see strong privacy and anonymity exist on the Internet in the future,” Lewman wrote. “Don’t assume that ‘the government’ is one coherent entity with one mindset.”

And Roger Dingledine, a founder of the Tor Project, says that the Defense Department money is much more like a research grant than a procurement contract.

“They aren’t ‘buying products’ from us,” Dingledine tells me. “They’re funding general research and development on better anonymity, better performance and scalability and better blocking-resistance. Everything we do we publish in the open.”

Dingledine acknowledges that “bad guys” could conceivably introduce vulnerabilities into Tor’s open-source code. But one of the major advantages of open-source software is that the product can be inspected by anyone for defects, which raises its security somewhat. There’d only be a problem if the NSA were somehow able to insert malicious code that nobody recognized.

The NSA didn’t immediately respond to a request for comment Friday afternoon.

Update: Roger Dingledine writes in to explain why the government has never asked the Tor Project to install a backdoor:
I think this is mainly due to two reasons:

A) We’ve had that faq entry up for a long time, including the part where we say we’ll fight it and that we have lots of lawyers who will help us fight it. So they know it won’t be easy.

B) I do a lot of outreach to various law enforcement groups to try to teach them how Tor works and why they need it to be safe. See e.g. the first two paragraphs of this:

I think ‘A’ used to be a sufficient reason by itself, but now we’re reading about more and more companies and services that have tried to fight such a request and given up. The architecture of the Tor network makes it more complex (there’s no easy place in the deployed network to stick a backdoor), but that doesn’t mean they won’t try.

I guess we rely on ‘B’ for now, and see how things go.

Source


Large botnet cause of recent Tor network overload

Recently, Roger Dingledine described a sudden increase in Tor users on the Tor Talk mailing list. To date there has been a large amount of speculation as to why this may have happened. A large number of articles seem to suggest this to be the result of the recent global espionage events, the evasion of the Pirate Bay blockades using the PirateBrowser or the Syrian civil war.

At the time of writing, the number of Tor clients actually appears to have more than quintupled already. The graph shows no signs of a decline in growth, as seen below:

tor_metrics1.png

An alternative recurring explanation is the increased usage of botnets using Tor, based on the assertion that the increase appears to consist of mostly new users to Tor that apparently are not doing much given the limited impact on Tor exit performance. In recent days, we have indeed found evidence which suggests that a specific and rather unknown botnet is responsible for the majority of the sudden uptick in Tor users. A recent detection name that has been used in relation to this botnet is “Mevade.A”, but older references suggest the name “Sefnit”, which dates back to at least 2009 and also included Tor connectivity. We have found various references that the malware is internally known as SBC to its operators.

sbc_panel.png

Previously, the botnet communicated mainly using HTTP as well as alternative communication methods. More recently and coinciding with the uptick in Tor users, the botnet switched to Tor as its method of communication for its command and control channel. The botnet appears to be massive in size as well as very widespread. Even prior to the switch to Tor, it consisted of tens of thousands of confirmed infections within a limited amount of networks. When these numbers are extrapolated on a per country and global scale, these are definitely in the same ballpark as the Tor user increase.

Thus one important thing to note is that this was an already existing botnet of massive scale, even prior to the conversion to using Tor and .onion as command and control channel.

As pointed out in the Tor weekly news, the version of Tor that is used by the new Tor clients must be 0.2.3.x, due to the fact that they do not use the new Tor handshake method. Based on the code we can confirm that the version of Tor that is used is 0.2.3.25.

tor_module_analysis.png

The malware uses command and control connectivity via Tor .onion links using HTTP. While some bots continue to operate using the standard HTTP connectivity, some versions of the malware use a peer-to-peer network to communicate (KAD based).

Typically, it is fairly clear what the purpose of malware is, such as banking, clickfraud, ransomware or fake anti-virus malware. In this case however it is a bit more difficult. It is possible that the purpose of this malware network is to load additional malware onto the system and that the infected systems are for sale. We have however no compelling evidence that this is true, so this assumption is merely based on a combination of small hints. It does however originate from a Russian-speaking region, and is likely motivated by direct or indirect financial related crime.

This specific version of the malware, which includes the Tor functionality, will install itself in:

%SYSTEM%\config\systemprofile\Local Settings\Application Data\Windows Internet Name System\wins.exe

Additionally, it will install a Tor component in:

%PROGRAMFILES%\Tor\Tor.exe

This location is regularly updated with new versions.

Related md5 hashes:

2eee286587f76a09f34f345fd4e00113 (August 2013)
c11c83a7d9e7fa0efaf90cebd49fbd0b (September 2013)

Related md5 hashes from non-Tor version:


Source


New Tor 0.2.4.17-rc packages

There's a new Tor 0.2.4.17-rc to hopefully help mitigate some of the problems with the botnet issues Tor is experiencing. All packages, including the beta Tor Browser Bundles, have been updated. Relay operators are strongly encouraged to upgrade to the latest versions, since it mostly has server-side improvements in it, but users will hopefully benefit from upgrading too. Please try it out and let us know.

https://www.torproject.org/projects/torbrowser.html.en#downloads

Tor Browser Bundle (2.4.17-beta-1)

Update Tor to 0.2.4.17-rc
Update NoScript to 2.6.7.1
Update HTTPS Everywhere to 4.0development.11

Source
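
The cipher-suite tally in the Errata Security article quoted in the post above can be reproduced from captured handshakes. This is an added example, not code from the post, the article or the Ferret tool: it reads the chosen suite out of a TLS ServerHello record, groups suites by key-exchange family, and recomputes the "about 24%" figure from the article's counts. The function names and the sample-record builder are assumptions made for illustration.

```python
import struct
from collections import Counter

# Code points and names exactly as listed in the article's tally.
SUITES = {
    0x0039: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0x0016: "TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    0x0033: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    0xC012: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA",
}
# Connection counts from the article, keyed by suite id.
ARTICLE_COUNTS = {0x0039: 14134, 0xC013: 5566, 0x0016: 2314, 0x0033: 905, 0xC012: 1}

def server_hello_suite(record: bytes) -> int:
    """Return the suite id chosen in a single-record TLS 1.0-1.2 ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rlen]
    if ctype != 22 or len(body) != rlen or rlen < 4 or body[0] != 2:
        raise ValueError("not a complete ServerHello handshake record")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    # hello: version(2) random(32) sid_len(1) session_id suite(2) compression(1)
    if len(hello) < 35 or len(hello) < 35 + hello[34] + 3:
        raise ValueError("truncated ServerHello body")
    off = 35 + hello[34]
    return int.from_bytes(hello[off:off + 2], "big")

def key_exchange(suite: int) -> str:
    """Key-exchange family only; the DH modulus size is sent in ServerKeyExchange."""
    name = SUITES.get(suite, "")
    if name.startswith("TLS_ECDHE_"):
        return "ECDHE"
    return "DHE" if name.startswith("TLS_DHE_") else "other"

def ecdhe_share(counts: dict) -> float:
    tally = Counter()
    for suite, n in counts.items():
        tally[key_exchange(suite)] += n
    total = sum(tally.values())
    return tally["ECDHE"] / total if total else 0.0

def build_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Constructed sample record (all-zero random) for exercising the parser."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + struct.pack("!HB", suite, 0))
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
```

Calling ecdhe_share(ARTICLE_COUNTS) gives the ECDHE fraction of the 22920 recorded connections. A relay operator can feed server_hello_suite() the first server record of each captured handshake to build the same tally for their own traffic.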

That is a very complex question, and quite off the topic.

TrueCrypt is designed to secure local information, it is not suited for online protection (dynamic data encryption).

If they manage to seize your machine then it's too late.

For instance even if you have hidden disks triggered to delete themselves under certain conditions, they can still bypass protection by making multiple shadow copies of your whole drive and perform different approaches on shadow copies in order to extract the information.

If the TC implementation of a certain algorithm has shortcomings then by reverse engineering TC it would be possible to find logical errors which in the end might lead to decrypting data, but only data encrypted using the same TC implementation of the considered algorithm.

On the other hand cracking well proven encryption is possible either by evolving mathematics or by faster computation.

Our privacy is mostly invaded while surfing the internet and using online services, that's where we are most vulnerable, where our cookies, IP address and behavior are being tracked and collected.

The big Q here is how can we continue to use these services and still keep our privacy, or at least what's left of it.

Edit: typo

Edited by ande
Thanks for sharing ande, great read. I actually posted up the article here when it first came to light that the NSA had that capability (though I already knew it for a long time). My first thoughts were about this exact subject. Apparently they have made some breakthroughs in their decryption capabilities recently and that in concert with their building of entry points into technologies from the get-go and their deals with the private sector is really a formidable mix. This really underscores the importance of keeping your software up to date, particularly when you depend on it for security or privacy. Many have warned of the unchecked growth of this organization and many didn't listen, look where we are now.

Note to staff: It would be nice if the edited by stamp could be optional like a checkbox in the message screen. I've seen it on other sites and I like it better because why should you leave that behind if you didn't want to or just changed a tiny thing? Just a suggestion that maybe you could consider on your next update to the site. Everything else is perfect though, great layout, functionality, staff, members, etc. Thanks for all your hard work and dedication, I really appreciate it.

Edited by Cypher3927

any encryption is crackable by brute force...

we all know it could take ages "for common humans' computers" depending on complexity, but not for government's super computers that have a lot of CPU/GPU and other powerful things (like non-public IBM chips), that can easily reveal encrypted info in only a few seconds or minutes.

or you guys still think that these government's super computers are only used for scientific purposes?


Sorry Off Topic - Kinda....

I wonder if TrueCrypt is crackable by NSA (I figure if they can't do it no one can)?

TrueCrypt Forum Topic on this matter: http://forums.truecrypt.org/viewtopic.php?t=28840

2lj3y49.jpg

It's a military encryption, so they got a secret method to decrypt each and every encryption, most is to try creating your own :)

Edited by emerglines