The NSA Can Probably Break Tor's Encryption Keys
When it turned out that the Firefox JavaScript Tor vulnerability shenanigans were originating from the NSA, not the FBI, it was pretty clear that the agency was looking to undermine and access Tor's anonymous internet. It's like a moth to a flame. But now security expert Robert Graham has outlined his reasons for believing that the NSA doesn't even need tricks and paltry exploits to access Tor, because they have the keys to the kingdom. Or can get them.
Tor uses 1024-bit keys for a lot of its encryption, and it's pretty much agreed that the NSA can crack these with custom chips that IBM and others manufacture for them. This is especially true for anyone using an old version of Tor like 2.3. The 2.4 version has better security, but only about 10 percent of Tor servers have upgraded.
Graham ran a "hostile" exit node on 22,920 Tor connections and looked at the encryption algorithms used on incoming connections. Only about 24 percent were using the newer 2.4 software, meaning 76 percent were using the old, NSA-vulnerable keys. With everything that's coming out about the NSA working to undermine encryption across the board, it's another concerning example of NSA proliferation in what's supposed to be an especially anonymous corner of the internet.