[liberationtech] 49 Page NSA analysis of Tor

Andy Isaacson adi at hexapodia.org
Sat Oct 5 00:17:11 PDT 2013


On Fri, Oct 04, 2013 at 02:05:23PM -0700, d.nix wrote:
> Just published by Bart Gellman (Thanks Bart!):
> 
> http://apps.washingtonpost.com/g/page/world/nsa-research-report-on-the-tor-encryption-program/501/

This is the output of a student Summer Program project, as advertised
here:
http://www.nsa.gov/careers/opportunities_4_u/students/undergraduate/msep.shtml

    Cryptanalysis and Exploitation Services Summer Program (CES SP)
    (formerly MSEP)

    The Cryptanalysis and Exploitation Services Summer Program (CES SP)
    is open to undergraduate students majoring in mathematics, computer
    science, or a major with a strong background in math and computer
    science.

Here's one interesting story about a summer program invitation:

http://mathbabe.org/2012/08/25/nsa-mathematicians/

The 2006 CES SP Tor paper is pretty superficial; they make several
claims that don't bear up under the slightest analysis ("we might be
able to MITM a Tor node because the certificates are self-signed") and
don't seem to have developed any significant analysis or attacks on the
system.

This document doesn't give much insight into capabilities the IC has
developed against Tor.  It's apparently quite common to run multiple
research teams (either known or unknown to each other) against a single
target, and a few summer students with a dozen lab machines is a pretty
small investment.  I'd expect there are other programs with more
sophisticated attacks, especially now 7 years later.

In fact the most enlightening fact about this paper might be that the
NSA thought Tor was worth attacking *at all* in 2006.

I wonder if tor.eff.org has any referer logs from 2006 showing inbound
traffic from http://wiki.gchq/ or similar.

-andy



More information about the cypherpunks mailing list