----- Forwarded message from krishna e bera <keb@cyblings.on.ca> ----- Date: Sat, 07 Sep 2013 12:02:06 -0400 From: krishna e bera <keb@cyblings.on.ca> To: tor-talk@lists.torproject.org Subject: Re: [tor-talk] NSA has cracked web encryption! User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130803 Thunderbird/17.0.8 Reply-To: tor-talk@lists.torproject.org On 13-09-06 10:26 PM, Nick Mathewson wrote:

Over the 0.2.5 series, I want to move even more things (including hidden services) to curve25519 and its allies for public key crypto. I also want to add more hard-to-implement-wrong protocols to our mix: Salsa20 is looking like a much better choice to me than AES nowadays, for instance. I also want to support more backup entropy sources.

Schneier says in the Guardian [1]: "Prefer symmetric cryptography over public-key cryptography. Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can." and in Wired [2]: " Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily. If we think that’s the case, the fix is easy: increase the key lengths. The NSA can make use of everything discovered and openly published by the academic world, as well as everything discovered by it in secret. Assuming the hypothetical NSA breakthroughs don’t totally break public-cryptography — and that’s a very reasonable assumption — it’s pretty easy to stay a few steps ahead of the NSA by using ever-longer keys. We’re already trying to phase out 1024-bit RSA keys in favor of 2048-bit keys. Perhaps we need to jump even further ahead and consider 3072-bit keys. And maybe we should be even more paranoid about elliptic curves and use key lengths above 500 bits. " Are there some assurances that Tor is using the best parameters on its symmetric, public key and curve cryptography? And how can we check? [1] http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-survei... [2] http://www.wired.com/opinion/2013/09/black-budget-what-exactly-are-the-nsas-... -- tor-talk mailing list - tor-talk@lists.torproject.org To unsusbscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5