On Fri, Oct 04, 2013 at 02:05:23PM -0700, d.nix wrote:

Just published by Bart Gellman (Thanks Bart!):

http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-e...

This is the output of a student Summer Program project, as advertised here: http://www.nsa.gov/careers/opportunities_4_u/students/undergraduate/msep.sht... Cryptanalysis and Exploitation Services Summer Program (CES SP) (formerly MSEP) The Cryptanalysis and Exploitation Services Summer Program (CES SP) is open to undergraduate students majoring in mathematics, computer science, or a major with a strong background in math and computer science. Here's one interesting story about a summer program invitation: http://mathbabe.org/2012/08/25/nsa-mathematicians/ The 2006 CES SP Tor paper is pretty superficial; they make several claims that don't bear up under the slightest analysis ("we might be able to MITM a Tor node because the certificates are self-signed") and don't seem to have developed any significant analysis or attacks on the system. This document doesn't give much insight into capabilities the IC has developed against Tor. It's apparently quite common to run multiple research teams (either known or unknown to each other) against a single target, and a few summer students with a dozen lab machines is a pretty small investment. I'd expect there are other programs with more sophisticated attacks, especially now 7 years later. In fact the most enlightening fact about this paper might be that the NSA thought Tor was worth attacking *at all* in 2006. I wonder if tor.eff.org has any referer logs from 2006 showing inbound traffic from http://wiki.gchq/ or similar. -andy