Tor network vulnerable to NSA spying

Do you use the Tor network? If you're not familiar with the project, it's "free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis." In short, end users setup nodes and then Internet traffic goes through these encrypted nodes, making it difficult for people to eavesdrop on what you're doing.

In the wake of the NSA spying program, it appears that the network may not be as private as we thought. Robert Graham, a security researcher, has concluded that three quarters of all Tor nodes use only 1024-bit Diffie-Hellman keys, and it's generally agreed upon that the NSA can crack these keys in hours using dedicated hardware. The latest release candidate for Tor, version 2.4, switches from the standard Diffie-Hellman key exchange to ECDHE, which are Elliptical-Curve Diffie-Hellman keys, which may greatly increase the privacy of the Tor network. Unfortunately, this version is not yet finalized and may not be as stable as the current release.

Of course there's no guarantee that the NSA hasn't already found an easy way to crack ECDHE, but considering it's not currently as common as other encryption techniques, for now there's a greater chance that it's more secure.

Source: Errata Sec, via Ars Technica | Privacy image via Shutterstock

Report a problem with article
Previous Story

Tony Wang leaves Twitter UK, with Bruce Daisley taking charge

Next Story

Windows Phone 8 GDR3 screenshots leak [Update]

24 Comments

Commenting is disabled on this article.

i think you guys are already forgetting that Microsoft broke into TOR last month with a virus they created. That is how they busted all of those people who thought TOR was hiding them.

About all I can say about this is, duh!!

If somebody wrote the code to make it so secure/private, then there has to be some one who can make it the opposite?!

Tor, or any other type P2P is just such a stupid and slow way of getting things though, IMO!

Using such services will actually drag attention towards you more so then not using them.
But its still a good way to stay more hidden, be an exit node

isnt listening to exit nodes how they used to spy on foreign consulate emails they just sat watching traffic and grabbed whatever they wanted... encrypted going into TOR unencrypted going out

If you don't want the NSA to see or hear it, don't put it on the internet and don't say it over the phone. Use a low watt CB or Ham radio to communicate if you're really that worried about being spied on, at least then they would have to be on your frequency and within 30 or so miles to hear you.

You can use CB Radios to talk to people on the space station so I'm sure with a powerful enough receiver they could still hear your radio.

space != same distance flat on the earth though. Little atmospheric interference if you send signals straight up. No objects diluting the signal either.

Isn't tor just one layer anyway? I mean no offense I am by no means a security expert but until I see hard proof, these articles are yellow journalism.

Thought it was very obvious that they'd cracked tor years ago, anyone basically can, download the exit node source code, edit it and make it start logging and then crack the data later...

FloatingFatMan said,
See, what I do is seed my files with nude pics of myself. Any snoopers go nosing around in there, THEY WILL REGRET IT!

Whatever floats your boat I`ll get me coat...

Money has to come from somewhere to support open source.. and being open source, the source code is open to public viewing.. So I honestly think news media jumped the gun and make everyone so jumpy like a herd of ants on fire. Chill people. Money is just money.

Controversy aside, tor is not that great of a service anyway (I applaud its concept, but the Internet speed is simply suboptimal). You are better off paying for a multinational VPN and enjoy faster speed.

Whilst it's true that Tor is in the process of moving away from an older key exchange, the rest is all completely theoretical yet this article is written as fact (especially the title).

No one knows what the NSA is capable of breaking, the researcher was taking guesses and that is made obvious in his post.

einsteinbqat said,
The NSA Can Decrypt Much Encrypted Web Traffic by The New York Times
http://www.nytimes.com/2013/09...ch-internet-encryption.html

...and it's total speculation as to what exactly they can break. Read the first line of his blog.

"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break"

There is 0 evidence that the NSA can break the keys Tor uses, pure speculation.

funkydude said,

...and it's total speculation as to what exactly they can break. Read the first line of his blog.

"After more revelations, and expert analysis, we still aren't precisely sure what crypto the NSA can break"

There is 0 evidence that the NSA can break the keys Tor uses, pure speculation.


B-b-b-but internet points!