On Wed, Sep 25, 2013 at 9:32 PM, coderman
[... re: NSA has found a way to break Tor... ] i suspect it is the latter that is more concerning. of course NSA has the ability; but do they share it?
the recent releases[0] have shown this to be more complicated than expected. in terms of sharing: other domestic agencies and some of the FVEY partners appear to be partially looped in? likely to find out more over the years,... in terms of breaking Tor: the core Tor protocol and network is described repeatedly as difficult to compromise. attacking the client, opportunistic de-anonymization, selective denial of service, and mallory-in-the-middle attacks, all appear extremely effective when they are pointed at Tor users of interest. Tor's dependencies are failing in practice, rather than the network or protocol itself. Roger says the limited number of users targeted is reassuring, “If those documents actually represent what they can do, they are not as big an adversary as I thought,”[1] the lack of widespread de-anonymization of Tor users is an interesting situation. i do not agree that they don't have the ability. other sources clearly show their privileged positioning in the IP core for active attacks as well as the global passive DPI tapping infrastructure technically capable of linking large numbers of Tor users.[2] instead this implies that the other routes to identifying users, particularly taking advantage of the endpoint and operational risks above, are cheaper and more effective. for less effort and resources locate them via side channel tricks, infect them with spyware, and observe what they do pre-encryption-and-pre-proxy directly. it's clear to see why they've been using this approach. [here is where i plug Qubes Tor VM, Tails, Whonix] so after addressing the client side weaknesses, perhaps the elligator datagram based effort[3] will be making progress in time to thwart this new adversary model as the low hanging fruit of Tor client cracking dries up... ;) best regards, 0. NSA Tor dox: http://www.washingtonpost.com/world/national-security/secret-nsa-documents-s... http://cryptome.org/2013/10/nsa-iat-tor.pdf http://cryptome.org/2013/10/nsa-tor.pdf http://cryptome.org/2013/10/gchq-mullenize.pdf http://cryptome.org/2013/10/nsa-egotisticalgiraffe.pdf http://cryptome.org/2013/10/nsa-tor-stinks.pdf http://cryptome.org/2013/10/packet-stain/packet-staining.htm 1. "Secret NSA documents show campaign against Tor encrypted network" http://www.washingtonpost.com/world/national-security/secret-nsa-documents-s... 2. passing the buck on the math; the details you need: https://metrics.torproject.org/index.html / https://trac.torproject.org/projects/tor/ticket/6443 , answer for the question: what is the probability of picking a guard and exit relay using any of five-eyes-and-their-friendlies AS'es, or that travels transoceanic cables at these points, or uses guard and exit relays hosted at an IX under legally compelled (FVEY) or unaware collaboration (e.g. Belgacom)? 3. sorry, no; there is no Tor datagram protocol in the works yet, however initial considerations are in progress: "Implement and experiment with one or more datagram-based designs" https://trac.torproject.org/projects/tor/ticket/4684 http://www.cl.cam.ac.uk/~sjm217/papers/tor11datagramcomparison.pdf this is summarized as picking from multiple hard to very hard options. i'm fond of even more difficulty, and combining these techniques and others (multi-path SCTP in userspace, client-side traffic shaping/prioritization, stochastic fair queuing and packet reordering, etc) for better protection against traffic analysis and active attacks.... might take a while to code up *grin*