Tor anonymity network could be ‘easily compromised,’ researcher says



Published time: September 07, 2013 03:52

Reuters/ Valentin Flauraud

Following revelations of mass online surveillance and encryption backdoors installed by the National Security Agency, some users have flocked to the Tor router service — although experts warn that it may not be as secure as once thought.

Tor, short for “The Onion Router,” has experienced a major uptick
in subscribers since former NSA contractor Edward Snowden leaked
details about the US government’s vast internet surveillance
programs.

The service – which for years accepted funding from US government
entities – has doubled its customer base, thanks to a growing
number of people who wish to conceal their online communication,
search queries, and home location from the government.

The most recent Snowden leak, which disclosed that the NSA uses
backdoors to crack web encryption, may have alarmed Tor users by
revealing that US and British intelligence agencies have also
targeted the very anonymity services that Tor counts itself
among. The NSA has allegedly spent hundreds of millions of
dollars annually to “covertly influence” tech companies, and even
planted undercover agents within major corporations.  

Unfortunately for the thousands of people who rely on Tor, many
of the devices they use to connect to its servers could still be
infiltrated by the NSA. This is partly due to only 10 percent of
Tor servers using its latest iteration which boasts stronger
cryptography.

Rob Graham, the CEO of penetration testing firm Errata Security,
told Ars Technica that he ran a “hostile” exit node on Tor
and found that 76 percent of the nearly 23,000 connections he
tracked used a form of the 1024-bit Diffie-Hellman key.

The NSA’s exact capabilities have yet to be made public, but most
security experts assume the agency could easily crack the key
Graham observed.

Everyone seems to agree that if anything, the NSA can break
1024 RSA/DH keys
,” Graham wrote in a blog post. “Assuming
no ‘breakthroughs,’ the NSA can spend $1 billion on custom chips
that can break such a key in a few hours. We know the NSA builds
custom chips, they’ve got fairly public deals with IBM foundries
to build chips
.”

He also advised users to take responsibility for themselves by
consistently updating their Tor software package and thoroughly
reading through NSA documents that have been made public.

Of course, this is just guessing about the NSA’s
capabilities
,” Graham continued. “As it turns out, the
newer elliptical keys may turn out to be relatively easier to
crack than people thought, meaning that older software may in
fact be more secure
.”

It has been made public that the Department of Defense provided
Tor with $876,099 in 2012 — a sum large enough to make up 40
percent of the project’s $2 million budget. Other government
donors included the US State Department and the National Science
Foundation.

Though the NSA itself is housed under the Department of Defense,
Tor’s executive director Andrew Lewman has said that the
intelligence agency has not requested a backdoor into the system.

The parts of the US and Swedish governments that fund us
through contracts want to see strong privacy and anonymity exist
on the Internet in the future
,” Lewman explain in an email to
customers, as quoted by The Washington Post. “Don’t assume
that ‘the government’ is one coherent entity with one
mindset
.”

Republished from: RT