Changes between Version 37 and Version 38 of TorWeeklyNews/2013/10

Sep 9, 2013, 3:07:45 PM (6 years ago)

write about Tor crypto


  • TorWeeklyNews/2013/10

    v37 v38  
    3939 XXX:Expand
     41The future of Tor cryptography
     44After the last round of revelations from Edward Snowden, described as
     45“explosive” by Bruce Schneier [XXX], several threads started on the
     46tor-talk mailing list to discuss Tor cryptography.
     48A lot of what has been written is speculative at this point. But some
     49have raised concerns [XXX] about 1024 bit Diffie-Helmank key exchange [XXX].
     50This has already been adressed with the introduction of the “ntor”
     51handshake [XXX] in 0.2.4 and Nick Mathewson encourages everybody to
     52upgrade [XXX].
     54Another thread [XXX] prompted Nick to summarize [XXX] its
     55views on the future of Tor cryptography. Regarding public keys, “with
     56Tor 0.2.4, forward secrecy uses 256-bit ECC, which is certainly
     57better, but RSA-1024 is still used in some places for signatures.
     58I want to fix all that in 0.2.5 — see proposal 220 [XXX], and George
     59Kadianakis’ draft hidden service improvements [XXX,XXX], and so forth.”
     60Regarding symmetric keys, Nick wrote: “We’re using AES128.  I’m hoping
     61to move to XSalsa20 or something like it.”
     63The effort to design better cryptography for the Tor protocols is not
     64new. More than a year ago, Nick Mathewson presented proposal 202 [XXX]
     65outlining two possible new relay encryption protocols for Tor cells.
     67A third question was raised [XXX] regarding the trust in algorithms
     68certified by the US NIST [XXX]. Nick speculations put aside, he also
     69emphasised that several NIST algorithms were “hard to implement
     70correctly” [XXX].
     72Nick’s also plan to move away from NIST algorithms [XXX]: “Over the 0.2.5
     73series, I want to move even more things (including hidden services) to
     74curve25519 and its allies for public key crypto.  I also want to add
     75more hard-to-implement-wrong protocols to our mix: Salsa20 is looking
     76like a much better choice to me than AES nowadays, for instance.”
     78Nick concluded one of his email with “these are interesting times for
     79crypto”. It sounds like a good way to put it.
     81  [XXX]
     82  [XXX]
     83  [XXX]–Hellman_key_exchange
     84  [XXX]
     85  [XXX]
     86  [XXX]
     87  [XXX]
     88  [XXX]
     89  [XXX]
     90  [XXX]
     91  [XXX]
     92  [XXX]
     93  [XXX]
     94  [XXX]
     95  [XXX]
    4197Toward a better performance measurement tool
    246302 * another research paper about hidden services
    247303 * fox-it blog post
    248  * Tor encryption vs. latest revelations about NSA
    249304 * Testing flash proxy infrastructure
    250305 * Quickly testing TOR using Chutney and Fluxcapacitor