Errata Security CEO Rob Graham has published a blog-postspeculating that ninety percent of the traffic on the Tor anonymized network can be broken by the NSA. That’s because the majority of Tor users are still on the an old version of the software, 2.3, which uses 1024 RSA/DH keys — and at keylengths of 1024 RSA/DH crypto can be broken in a matter of hours using custom chips fabbed at an estimated cost of $1B. It seems likely that the NSA has spent the necessary sum and sourced these chips (likely from IBM).
This isn’t the same as being able to decrypt all of Tor in realtime, but it does suggest that the NSA could selectively decrypt its stored archives of Tor traffic.
However, the new version of Tor, 2.4, uses elliptical curve Diffie-Hellman ciphers, which are probably beyond the NSA’s reach.
Graham faults the Tor Project for the poor uptake of its new version, though as an Ars Technica commenter points out, popular GNU/Linux distributions like Debian and its derivative Ubuntu are also to blame, since they only distribute the older, weaker version. In either event, this is a wake-up call that will likely spur both the Tor Project and the major distros to push the update.
The encryption keys used by most Tor servers can be broken by the NSA in hours. Since they probably archive all Tor communication, they can get the information anytime they need to.
There are better fixes in the pipeline but this also reveals some of the problems with Open Source projects.
To implement this requires a lot of updating and project management among people who are pretty much doing this for free, in their ‘spare’ time.
Sometimes it is hard to move things along without some real fires lit under some people.
Maybe this NSA stuff will light some big ones.