Search Mailing List Archives
[liberationtech] [tor-talk] NSA has cracked web encryption!
eugen at leitl.org
Sat Sep 7 11:21:37 PDT 2013
----- Forwarded message from krishna e bera <keb at cyblings.on.ca> -----
Date: Sat, 07 Sep 2013 12:02:06 -0400
From: krishna e bera <keb at cyblings.on.ca>
To: tor-talk at lists.torproject.org
Subject: Re: [tor-talk] NSA has cracked web encryption!
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8
Reply-To: tor-talk at lists.torproject.org
On 13-09-06 10:26 PM, Nick Mathewson wrote:
> Over the 0.2.5 series, I want to move even more things (including
> hidden services) to curve25519 and its allies for public key crypto.
> I also want to add more hard-to-implement-wrong protocols to our mix:
> Salsa20 is looking like a much better choice to me than AES nowadays,
> for instance. I also want to support more backup entropy sources.
Schneier says in the Guardian :
"Prefer symmetric cryptography over public-key cryptography. Prefer
conventional discrete-log-based systems over elliptic-curve systems; the
latter have constants that the NSA influences when they can."
and in Wired :
Breakthroughs in factoring have occurred regularly over the past several
decades, allowing us to break ever-larger public keys. Much of the
public-key cryptography we use today involves elliptic curves, something
that is even more ripe for mathematical breakthroughs. It is not
unreasonable to assume that the NSA has some techniques in this area
that we in the academic world do not. Certainly the fact that the NSA is
pushing elliptic-curve cryptography is some indication that it can break
them more easily.
If we think that’s the case, the fix is easy: increase the key lengths.
The NSA can make use of everything discovered and openly published by
the academic world, as well as everything discovered by it in secret.
Assuming the hypothetical NSA breakthroughs don’t totally break
public-cryptography — and that’s a very reasonable assumption — it’s
pretty easy to stay a few steps ahead of the NSA by using ever-longer
keys. We’re already trying to phase out 1024-bit RSA keys in favor of
2048-bit keys. Perhaps we need to jump even further ahead and consider
3072-bit keys. And maybe we should be even more paranoid about elliptic
curves and use key lengths above 500 bits.
Are there some assurances that Tor is using the best parameters on its
symmetric, public key and curve cryptography? And how can we check?
tor-talk mailing list - tor-talk at lists.torproject.org
To unsusbscribe or change other settings go to
----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5
More information about the liberationtech