Majority of Tor crypto keys could be broken by NSA, researcher says

Majority of Tor crypto keys could be broken by NSA, researcher says: The majority of devices connected to the Tor privacy service may be using encryption keys that can be broken by the National Security Agency, a security researcher has speculated.

Rob Graham, CEO of penetration testing firm Errata Security, arrived at that conclusion by running his own “hostile” exit node on Tor and surveying the encryption algorithms established by incoming connections. About 76 percent of the 22,920 connections he polled used some form of 1024-bit Diffie-Hellman key. The analysis came a day after revelations the NSA can circumvent much of the encryption used on the Internet. While no one knows for sure exactly what the NSA is capable of cracking, educated speculation has long made a case that the keys Graham observed are within reach of the US spy agency.

“Everyone seems to agree that if anything, the NSA can break 1024 RSA/DH keys,” Graham wrote in a blog post published Friday. “Assuming no ‘breakthroughs,’ the NSA can spend $1 billion on custom chips that can break such a key in a few hours. We know the NSA builds custom chips, they’ve got fairly public deals with IBM foundries to build chips.”

He went on to cite official Tor statistics to observe that only 10 percent of Tor servers are using version 2.4 of the software. That’s the only Tor release that implements elliptical curve Diffie-Hellman crypto, which cryptographers believe is much harder to break. The remaining versions use keys that are presumed to be weaker.

Graham called on Tor Project leaders to do a better job of getting end users to upgrade to version 2.4, but he also couched his findings with a word of caution.

“Of course, this is just guessing about the NSA’s capabilities,” he wrote. “As it turns out, the newer elliptical keys may turn out to be relatively easier to crack than people thought, meaning that older software may in fact be more secure. But since 1024 bit RSA/DH has been the most popular SSL encryption for the past decade, I’d assume that it’s that, rather than curves, [it’s 1024 RSA/DH] that the NSA is best at cracking.”