Help Tor Find a New Executive Director

The Tor Project is continuing its world-wide search for our new Executive Director. We need your help to find this person, whether they work for a nonprofit organization, for a tech company, at a university, for an open software project, or somewhere else entirely. We are open to candidates from lots of different backgrounds.

Here's a link to our original blog post with many more details, including how to submit candidates: Tor Project Launches Worldwide Search for a New Executive Director

An excerpt:

"The Tor Project, one of the world’s strongest advocates for privacy and anonymous, open communications is currently seeking an experienced Executive Director to lead the organization. The new Executive Director will spearhead key initiatives to make the organization even more robust in its work to advance human rights and freedoms by creating and deploying anonymity and privacy technologies, advancing their scientific and popular understanding, and encouraging their use."

Please take a moment to consider whether you know a candidate, likely or unlikely, who might be a great fit for this position.

Thanks!

zoobab

August 18, 2015

Permalink

I don't think Tor needs an executive director that is famous or publicly well-known to the general public or even the Tor community at large.

The Tor project needs someone who can be trusted, someone who is not at risk of being exploited by nation states, criminal organizations or any other group with their own self-interests that could hurt any user or future user of Tor.

The executive director should be fluent in technology allowing only the technical team to surpass that knowledge yet amongst their peers they command a leading knowledge of today's technologies as well as vision of future technologies developing including the low-down on cryptography, networks, virtual tech from containers through to SDN, a good understanding of the work of W3C/IETF/EFF and at least some degree of knowledge about security practices in general from securing their personal domain to operating in a secure organisation's domain.

The executive director should be someone who is a natural leader, that does not bark commands but instead invites people to engage in the mission. I would hope that the executive director would be an advocate for what is being called the 'open organisation' which bases itself on the principles of open source ecology, meritocracy and transparency.

Finally, I would hope the executive director would be someone looking to stay in the role for at least 7 years, seeing it as an opportunity unlike any other that is more based on bringing their talents to the Tor project rather than using the Tor project to promote their own personal agenda / career.

Like the last 500 posts - you want Superman. You want Jesus. You want the hand of god on earth. Keep praying. Your post reads like a prayer.

You need a shot of practicality.

Edward Snowden elected as lead "In absentia" until he decides to stay.

Truth is this: No man can lead this. He doesn't exist. You need a construct. A God. You need a new God. Elect "Dread Pirate Roberts" -- while knowing it's no one. It's an idea. People die. Ideas don't die.

Make the idea. Afterwards -- make the religion.

Then employ converts.

https://youtu.be/3posPWuA9Ss?t=130

This is so basic.

zoobab

August 19, 2015

Permalink

> I think the greatest danger that NSA will "shape" the future development of the Tor Project comes through dubious funding sources such as DARPA, SRI (which has longstanding ties to USIC), and NED (an Eisenhower-era holdover).

Stand by that, but...

http://america.aljazeera.com/opinions/2015/8/russians-exiled-back-to-th…
Russians exiled back to the kitchen
The Kremlin is trying to create a paternalistic relationship between the state and its citizens
Svetlana Gannushkina
August 19, 2015

"On July 28, Russia designated the National Endowment for Democracy, a Washington-based nonprofit, which has supported human rights and civil society groups in the country, as “undesirable” and banned it."

... NED has never looked so good.

zoobab

August 21, 2015

Permalink

> I don't think Tor needs an executive director that is famous or publicly well-known to the general public or even the Tor community at large.

That all sounds sensible to me.

zoobab

August 24, 2015

Permalink

> Am I naive to suggest Jacob Applebaum [for Exec Dir of Tor Project]?

Not everyone can watch videos so many thanks to bancfc for posting a summary of Jacob Appelbaum's talk. As evidence that his expertise is best reserved for coding work, from:

https://lists.torproject.org/pipermail/tor-talk/2015-August/038847.html

> Debian Hardening topics covered:
* Disabling Avahi and Samba NFS by default
* Packaging grsecurity/PaX, Pond, xmpp-client, Tor Browser, Tor-launcher and pluggable transports - work currently being done on Tor related packages as of 2015
* Adoption of Subgraph Oz sandboxing framework
* Cleaning vulnerable legacy networking protocols out of the Debian kernel
* Distribution of Tor in a base Debian distro
* Giving a sshd onion service as an install time option
* Encryption of system as default on install time
* Address Sanitizer and compiler time hardening of packages
* Adoption of new rootless, type safe DHCP daemon written by him and Dan Bernstein
* Adoption of tlsdate or alternative to unsafe NTP
* Gnuk libre hardware keycard adoption
* Encrypting APT connections to prevent package metadata leaks and make exploiting problems in APT harder

JA replied in the thread:

> There is a great deal of positive feedback from the Debian community.

Indeed, plus one.

In view of existing apt problems, how bad is the wrmsr vulnerability (as an SMM rootkit vector) for those who run Debian on a computer which uses an affected CPU?

> It takes time and effort - if you'd like to help - please join us in improving Debian!

Ironically, some of the listed items must be accomplished before I would feel safe trying to help, but since this will likely be an ongoing arms race for some time, I think you can expect more help once you reach some critical level of dragnet-thwartdom!

Performance over security also accords with my experience, but I hope that is changing.

Many thanks to Appelbaum and other Tor and Debian people for all your hard work improving communications/cyber security for the ordinary citizen.

zoobab

August 27, 2015

Permalink

A bit of good news I don't want to be drowned out by gleeful reporting from pimp-media that IBM is calling on corporations to explicitly block torproject.org from their networks (but not for ISPs to block their customers from running Tor clients?):

So often one hears "technical experts" opining that "if the government wants into your computer, they'll get in" [sic]. Some of us have argued for years that evidence suggests that to the contrary, resistance works more often than these "experts" want us to believe.

Here is a fascinating report of a possibly state-sponsored attack on an EFF employee, Jillian York, and unnamed other activists, which shows that a combination of technical knowledge and common-sense wariness, plus a refusal to panic easily, can help you to turn the tables on the bad guys!

https://citizenlab.org/2015/08/iran_two_factor_phishing/

When people try this hard to phish you, you know you're doing something right. But the boundary of what seems like outlandish effort appears to be expanding at the speed of scream, so we urgently need more organizations which offer free public-service forensics to lawyers, journalists, activists and other frequent targets of state-sponsored attacks. Here we confront the same problem as (irony!) FBI: the paucity of trained and trusted experts capable of analyzing state-sponsored attacks.

zoobab

August 29, 2015

Permalink

A new director? Easy...

Contact the staff from Astoria Browser.

Contact the staff from Hornet Browser.

Contact top universities and ask one of their students or professors or alumni or graduates.

Contact Silent Circle staff.

Contact Defcon staff and participants.

Contact Offensive Security group.

Contact Tor fans.

Contact the Swiss Government (they are pro-privacy).

Contact ProtonMail staff.

Contact PGP creator.

Contact Cryptography people.

zoobab

August 31, 2015

Permalink

Many thanks to Tor and Debian developers for addressing a long-standing concern about vulnerabilities in updating computer systems. In particular, Debian users have typically used a utility such as synaptic which runs the venerable apt package manager to contact Debian repositories to fetch upgraded packages including security patches. Unfortunately, packages are generally downloaded via cleartext http protocol.

Long ago Debian introduced automatic strong cryptographic package verification by apt, a very important mechanism for reducing the possibility of an attacker injecting malware into an http download of software, including security patches. (Such behavior has been spotted "in the wild", and the Snowden leaks confirm NSA has been one of the worst offenders.)

However, apt still "leaks" an enormous amount of information about what versions of what packages are installed on a given computer, and the Snowden leaks confirm the longstanding concern that the most dangerous state level attackers maintain huge databases of which software packages are installed on the computer at the other end of every IP address, including PCs used by ordinary citizens. This information can be exploited by attackers such as NSA/TAO, or murky and possibly state-sponsored groups apparently working in countries such as Russia, China, Iran, Syria, and even North Korea. Or by anyone who intrudes into *their* networks and copies *their* code. However, because of its extensive intrusion into virtually every backbone network on the planet, NSA appears to pose the greatest threat here.

The Snowden leaks confirm in detail long-standing concerns that ordinary citizens can be at risk simply because (for example) they happen to know or be related to a telecom engineer, a scientist, a blogger, or even a high school "student of interest". NSA/TAO operatives and other attackers often break into devices owned by such people looking for information they can use to phish their ultimate target. Ironically, NSA people now admit that they know that state sponsored attackers in nations like Russia and China follow the same practices, without admitting that NSA has been doing this longer than anyone. So even if you believe you are not risk ("I'm a grandma and a good Republican so who would want to read my emails?"), as more and more entities obtain the technological capability to mount attacks similar to what NSA has been doing for decades, you are more and more likely to personally encounter sophisticated attacks.

Now for the good news. As noted in Tor Weekly News, Debian is moving towards a system which allows potentially endangered and responsibly wary users (such as bloggers, journalists, political dissidents, politicians, union organizers, ecological activists, protest organizers) to maintain a Debian system over Tor.

I think this is a really important development and it deserves wider publicity. (Attention Kate Krauss?)

The links cited in TWN assume more knowledge than some readers may possess. I suggest a followup post offering more detail, including the following points:

* you will need to install a Debian "unstable" system
* if you have enough space on a hard disk you may be able to do this without overwriting your existing system, but this can be hazardous and tricky, and a security risk
* purchasing a fresh computer with CPU not vulnerable to the wrmsr bug might be your best choice for your new Debian over Tor system
* you need a working computer with GPG/PGP (to verify a signed file) and a utility such as sha256sum (to verify a cryptographic hash)
* you need a DVD R/W drive for the following step
* with some difficulty, it may be possible to fetch the iso image for DVD #1 over Tor
* using your current system, download from debian.org the file containing the SHA-256 hashes including the iso image for DVD #1 (the unstable version); see
https://www.debian.org/CD/http-ftp/
http://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-dvd/
* verify the cryptographic signature of this file
* verify the SHA-256 sum matches the iso image you downloaded
* burn a bootable install DVD from the iso image
* on the computer on which you will install Debian, boot using the install DVD and follow directions
* make sure to use an encrypted volume, which gives "almost full" disk encryption
* after installing Debian from the DVD you can fire up synaptic and make the changes noted in the links in the TWN post; the apt-tor-transport should be available from Debian for unstable systems as a package you install in the usual way (with automatic verification of the cryptographic signature)
* check for updates and install the new packages
* study the packages offered by synaptic and install software defined radio or steganography utilities or document production packages and other software as needed; Debian has everything you could need (if it's available at all), including state of the art packages used extensively (irony!) by some NSA employees in their nasty work.

That might sound complicated, but I think the hardest step is actually obtaining the iso image over Tor. The process only adds a few steps to what users have done for years to install Debian the easy way. In the future, one hopes, it will become even easier for people who are not necessarily comfortable with computers to obtain and maintain Debian over Tor; indeed, this should be the default option.

Hope I haven't forgotten anything or gotten anything wrong; corrections welcome!

It would also be useful to contact reporters at tech news outlets to explain how Debian over Tor works, how people can obtain it, and why they probably should consider doing so.

A possibly controversial point here which you might consider noting: among those who could benefit immensely from using Debian over Tor are people who work for the directors of FBI, NSA, USCG, EPA, and other USG agencies, not to mention federally funded climate researchers and medical researchers at great risk for attacks from foreign intelligence agencies, business competitors, etc. Multiple instances of sophisticated hacking attacks against climate scientists, professors of computer science, etc., have been confirmed by expert forensic analysts in the past several years. I believe that system administrators for academic departments in US and EU universities would be wise to consider moving to Debian over Tor, to protect their students and faculty from a long established plague of cyberespionage attacks which in recent years has become far more sophisticated and dangerous. (Ironically, in recent months, NSA lobbyists have issued similar warnings, which only a few years ago were often derided by the Feds as "paranoia", because NSA wanted to keep EU/EMEA cybersecurity weak in order to facilitate their own spying, even at the expense of exposing Americans to hazards from, say, Chinese or Russian cyberespionage.)

If Tor can make this case to enough high level USG officials and industry executives, it is possible that this could garner additional support for the universal and strident opposition, among technically knowledgeable internet users, to FBI Director Comey's dangerous and unworkable demands (grounded in an astounding misunderstanding of how the modern world works) for legally mandated backdoors into all operating systems (Debian, etc), cryptographic packages (GPG, openssl, etc.), and Tor.

Tor leaders have repeatedly declared that Tor has never permitted backdoors and never will. But the leadership and most of the coders are based in the USA. If Comey succeeds in establishing legally mandate backdoors in every computer in the world, what is our plan? Can the project move overseas and ensure that Tor users inside the USA will continue to be able to obtain non-backdoored Tor, openssl, GPG, Debian?

zoobab

September 02, 2015

Permalink

Every time I run TOR browser and it connects automatically, my circuit ALWAYS goes in first place through Ukraine, then usually Russia. The connection is as slow as it can be. After 40 tries to relaunch the browser the situation does not change. Again UA>RU>GR>US. I figured out that only if I decide to connect "manually", check that I do not have a proxy etc. and click connect, my circuit goes way more randomly and almost never goes through UA/RU. Is it intentional or some kind of bug? I'm logging in to tor from Warsaw, Poland.

The "first place" on circuit (called "guard node" or "entry node") is NOT intended to change often.

Changing it often makes it much more likely your Tor will accidentally use one of the malicious entry nodes.

zoobab

September 02, 2015

Permalink

> Down the road a couple years,

So did someone compromise the Tor blog site, or did a Tor Project staffer goof?

zoobab

September 02, 2015

Permalink

I downloaded Tor Browser bundle 5.0.2 from torproject.org.

Verifying the detached signature gave:

gpg: Signature made Thu 27 Aug 2015 07:47:22 PM UTC
gpg: using RSA key 0x2E1AC68ED40814E0
gpg: Good signature from "Tor Browser Developers (signing key) " [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290
Subkey fingerprint: BA1E E421 BBB4 5263 180E 1FC7 2E1A C68E D408 14E0

Checking the signatures, I saw:

sub 4096R/0x2E1AC68ED40814E0 created: 2014-12-15 expires: 2017-08-25 usage: S

This key was revoked on 2015-08-26 by RSA key 0x4E2C6E8793298290
Tor Browser Developers (signing key)

Is there a problem?

zoobab

September 02, 2015

Permalink

> Someone goofed and approved a spam comment. Fixed now.

Glad to know this. Sorry you have to deal with chain-spam and such, but not surprised.

Is there a problem with the TBB signing key? It seems one subkey may have been revoked?

No. That subkey has never been used so far and was visible for a short time (a couple of minutes) in my people.torproject.org directory by accident. Thus, we revoked it to be on the safe side.
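As an added example (not code from the Tor Project, Debian, or any commenter in this thread), the check that the Debian-over-Tor install steps earlier in the thread describe (verify the signature on the SHA256SUMS file, then the hash of the ISO) combined with the revoked-subkey question just above: a Python script that parses gpg's machine-readable `--status-fd` output, pins the expected primary-key fingerprint, refuses signatures made with revoked, expired or unknown keys, and only then compares the SHA-256 sum. The status transcripts, the ISO bytes, the file name and the SHA256SUMS line are constructed for the demo; the two fingerprints are the ones quoted in the comment above; `gpg_status_for` is an assumed helper that only works where a real gpg is installed.

```python
"""Verify a downloaded ISO: signature on SHA256SUMS first, then the hash.
Added example for this thread; not Debian's or Tor's own tooling."""
import hashlib
import hmac
import shutil
import subprocess

STATUS_PREFIX = "[GNUPG:] "


def parse_gpg_status(status_output):
    """Collect `gpg --status-fd` lines into {keyword: [args, ...]}."""
    status = {}
    for line in status_output.splitlines():
        if line.startswith(STATUS_PREFIX):
            parts = line[len(STATUS_PREFIX):].split()
            if parts:
                status.setdefault(parts[0], []).append(parts[1:])
    return status


def signature_acceptable(status_output, pinned_primary_fpr):
    """Return (ok, reason). Only a VALIDSIG made under the pinned primary key
    is accepted; a signature from a revoked or expired key is refused even
    though gpg reports the signature itself as mathematically good."""
    status = parse_gpg_status(status_output)
    for bad in ("BADSIG", "ERRSIG", "REVKEYSIG", "EXPKEYSIG", "EXPSIG", "NODATA"):
        if bad in status:
            return False, bad
    if "VALIDSIG" not in status:
        return False, "no VALIDSIG"
    # VALIDSIG: <sig key fpr> <date> <ts> <expiry> <ver> <reserved> <pk algo>
    #           <hash algo> <class> <primary key fpr>; the trailing primary
    # fingerprint ties a subkey signature back to the key you pinned.
    args = status["VALIDSIG"][0]
    if len(args) < 10:
        return False, "VALIDSIG without primary fingerprint"
    wanted = pinned_primary_fpr.replace(" ", "").upper()
    if not hmac.compare_digest(args[-1].upper(), wanted):
        return False, "fingerprint mismatch"
    return True, "ok"


def parse_sha256sums(sums_text):
    """Parse sha256sum output: '<64 hex>  <name>' (text) or '<64 hex> *<name>' (binary)."""
    table = {}
    for line in sums_text.splitlines():
        digest, sep, rest = line.strip().partition(" ")
        name = rest.lstrip(" ")
        if name.startswith("*"):
            name = name[1:]
        if sep and len(digest) == 64 and name:
            table[name] = digest.lower()
    return table


def iso_hash_matches(sums_text, iso_name, iso_bytes):
    """True only if the ISO is listed and its SHA-256 equals the listed value."""
    expected = parse_sha256sums(sums_text).get(iso_name)
    if expected is None:
        return False
    return hmac.compare_digest(hashlib.sha256(iso_bytes).hexdigest(), expected)


def verify_iso(sums_text, status_output, iso_name, iso_bytes, pinned_primary_fpr):
    """The whole procedure in the right order: a hash from an unsigned or
    mis-signed SHA256SUMS file is never consulted."""
    ok, reason = signature_acceptable(status_output, pinned_primary_fpr)
    if not ok:
        return False, "signature: " + reason
    if not iso_hash_matches(sums_text, iso_name, iso_bytes):
        return False, "hash mismatch or ISO not listed"
    return True, "ok"


def gpg_status_for(sums_path, sig_path):
    """Assumed helper: run a real gpg over files and return its status lines."""
    if shutil.which("gpg") is None:
        raise RuntimeError("gpg is not installed")
    proc = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify", sig_path, sums_path],
        capture_output=True, text=True, check=False)
    return proc.stdout


# --- constructed sample data (not real Debian or gpg output) --------------
PINNED = "EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290"  # primary fpr quoted above
SUBKEY_FPR = "BA1EE421BBB45263180E1FC72E1AC68ED40814E0"           # subkey fpr quoted above
SAMPLE_ISO = b"constructed ISO contents, not a real image\n"
SAMPLE_NAME = "debian-unstable-sample.iso"
SAMPLE_SUMS = hashlib.sha256(SAMPLE_ISO).hexdigest() + "  " + SAMPLE_NAME + "\n"
_VALIDSIG = ("[GNUPG:] VALIDSIG %s 2015-08-27 1440704842 0 4 0 1 10 00 %s\n"
             % (SUBKEY_FPR, PINNED.replace(" ", "")))
GOOD_STATUS = ("[GNUPG:] NEWSIG\n[GNUPG:] GOODSIG 2E1AC68ED40814E0 Sample Signer\n"
               + _VALIDSIG + "[GNUPG:] TRUST_UNDEFINED 0 pgp\n")
REVOKED_STATUS = GOOD_STATUS.replace("GOODSIG", "REVKEYSIG")

if __name__ == "__main__":
    print(verify_iso(SAMPLE_SUMS, GOOD_STATUS, SAMPLE_NAME, SAMPLE_ISO, PINNED))
    print(verify_iso(SAMPLE_SUMS, REVOKED_STATUS, SAMPLE_NAME, SAMPLE_ISO, PINNED))
    print(verify_iso(SAMPLE_SUMS, GOOD_STATUS, SAMPLE_NAME, SAMPLE_ISO + b"x", PINNED))
```

Run as a script it shows the three outcomes (accepted; refused because the signing key is revoked; refused because the ISO does not match). With real files, feed `gpg_status_for("SHA256SUMS", "SHA256SUMS.sign")` into `verify_iso` together with the fingerprint you verified out of band. The ordering is the point the install steps make: the hash list is only as trustworthy as its signature, and the human-readable "Good signature" line is not the whole story, because gpg still reports a signature made with a revoked key (as REVKEYSIG on the status channel), so the check refuses it rather than relying on the WARNING text. For the apt side of the same procedure, the apt-transport-tor package mentioned in the steps makes apt fetch over Tor when the mirror in sources.list is written with a tor+http:// URI.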

zoobab

September 03, 2015

Permalink

About Cryptographers. Someone in the direction of Schneier? I mean you know he probably is one of the more calm persons which might be good?

zoobab

September 04, 2015

Permalink

> No. That subkey has never been used so far and was visible for a short time (a couple of minutes) in my people.torproject.org directory by accident.

Ow.

> Thus, we revoked it to be on the safe side.

Good to know, thanks much!

Well known cryptographers have been warning for years that because big companies and nasty governments control the funding and are focused on short term gains, society is neglecting to develop alternatives like ECC and NTRU in case RSA is cracked tomorrow. I fear he is right and I would like to urge the next Executive Director of Tor Project to make this point whenever s/he has the ear of anyone in a position to get some money to develop working/deployed implementations of ECC, NTRU, etc. Waiting passively for an unexpected breakthrough in factoring seems like a very bad idea.

I can't understand why NIST isn't doing something serious to get well ahead of the factorization curve, given that they appear to have recognized that they never should have trusted their NSA advisors further than they could spit.

Huh?

Tor uses ECC already for most things, and as of 0.2.7.x, the only place where RSA is required would be for interoperability with old versions and Hidden Services (Because no one wants to fund the Prop. 224 work to migrate HSes to Ed25519).

The likely large-key RSA break would be a sufficiently large Quantum computer, which would be capable of breaking all of the ECC based crypto used in Tor currently as well (A modified variant of Shor's Algorithm can solve the Elliptic Curve Discrete Logarithm problem quite quickly).

NTRU on its own is not sufficient to replace RSA (or the to-be-broken ECC for that matter) due to the only time tested operation being Encryption (NTRUSign is catastrophically broken, NTRU-KE is too new to be deployed). As a matter of principle, I'd be fairly sad to see NTRU included in Tor before sometime in 2017 (2020 for the newer parameter sets) since those are the years when the patents expire, though there is a FOSS Patent Grant available.

This paper: https://eprint.iacr.org/2015/676.pdf from Cisco shows that the NTRU library has some serious issues - not the NTRU primitive itself, but the key generation and padding scheme have problems. The key generation can be attacked with fewer NTRU multiplications than expected - 104 bits of work for the 112-bit target level, 112 for 128-bit, 137 for 192-bit, 197 for 256-bit. Still pretty big, but a lot less than the target level. Plaintext recovery attack works because there's a quantum attack on the hash output - either 80 or 128 (quantum) bits for 160 or 256 bit hash. The paper recommends new parameter sets that are properly designed to be Quantum Resistant.
-- lukep

Yeah I read the paper.

The key generation problem is easily fixed, and most real implementations will not use a `Hash_DRBG` construct for key generation[0]. It's worth noting that 2^104 (and beyond) are still in the realm of computationally infeasible; if we were to implement the handshake, I would probably push to use EES1171EP1 (EES743EP1 would be better, but it's encumbered till 2020) for a 2^197 security level unless performance/bandwidth constraints mandate otherwise.

This all is still a bit in the future so who knows, maybe by the time this is set to be implemented, a usable Ring-LWE or SIDH codebase will appear and we can skip using NTRU all together.

[0]: libntru does not IIRC, and neither does mine.

zoobab

September 06, 2015

Permalink

@yawning: thanks for the corrections. The relevant Wikipedia articles were not very helpful, but I found an authoritative source of recent information on the current situation (not specific to Tor but including some information about how Tor is affected):

http://nist.gov/itl/csd/ct/post-quantum-crypto-workshop-2015.cfm

"The advent of practical quantum computing will break all commonly used public key cryptographic algorithms. In response, NIST is researching cryptographic algorithms for public key-based key agreement and digital signatures that are not susceptible to cryptanalysis by quantum algorithms. NIST is holding this workshop to engage academic, industry, and government stakeholders."

The slideset by Bart Preneel (very bottom of the page) gives an efficient and informative overview.

The problem:

* we need to worry about data privacy, data integrity, and authentication
* so Three Needs: quantum-resistant algos for asymmetric encryption, signatures, key-exchange

There are also concerns about the slowness of development of new symmetric encryption schemes in case AES is broken (which would break LUKS disk encryption and USB stick encryption), but AFAIK AES is not obviously immediately broken by the advent of large quantum computers.

The bad news is:

* RSA depends on the hardness of factoring big integers, so vulnerable
* DH key exchange and DSA (and El Gamal encryption used in GPG for key exchange) depends upon discrete log, and are vulnerable
* ECC depends upon the hardness of a similar discrete log problem, and is vulnerable
* OpenSSL supports various stream ciphers other than AES (good!) but requires RSA, DSA, or ECC for key exchange, so vulnerable
* GnuTLS uses RSA and ECDSA for key exchange, so vulnerable
* LibreSSL supports ChaCha stream cipher (good) but uses ECC for key exchange, so vulnerable

So unless I am still confused, pretty much everything needed for Tor, https, and GPG would be immediately broken by a big quantum computer--- disastrous!

The good news is:

* this is thought to be a medium term risk, not something likely to happen tomorrow (some support in the Snowden leaks for this view)
* there are a number of schemes addressing the Three Needs which rely upon the hardness of problems which are not known to be vulnerable to a big quantum computer
* NTRU depends on hardness of shortest vector problem, and ultimately upon hardness of factoring polynomials in certain rings
* There is a GPL licensed implementation of NTRU, not by the three inventors
* McEliece's scheme is particularly attractive IMHO but requires much larger public and private keys than current "strong crypto"
* several talks clearly express recognition that NSA, as the Universal Enemy, is the appropriate "benchmark" for security research,
* some slide sets even include leaked images such as an NSA/TAO operative inserting malware into a server which had been diverted during shipment to their secret site, so these guys really "get it", and that is really good to know
* EU governments such as Belgium and Norway are paying close attention to the revelations in the Snowden leaks about what their "friend" NSA is doing to them, and preparing appropriate countermeasures

A nice task which someone might take up: prepare a blog post explaining how recent and near future TBB and Tails uses various basic cryptographic algorithms relying for security upon the presumed hardness of various computational problems

It is important to bear in mind that, as one slide puts it, "physics trumps math" (one revelation from the Snowden leaks is that some NSA malware can abuse the memory bus in an ordinary PC to function as a low power WiFi transmitter for short range exfiltration to hidden receivers located in vehicles which drive by your location--- a scheme they apparently tested on unwitting US university students--- or to inconspicuous microdrones. One might be tempted to assume that such schemes are unsuitable for dragnet surveillance, but they are sufficiently cheap to be widely deployed against large numbers of specific targets such as telecom engineers, academic scientists, "interesting" non-US company executives, etc. And the leaks show that NSA used drones to attempt to deliver malware to essentially every WiFi-enabled device in certain countries. So we need to address hardware issues too.

Some entrepreneur should start making indoor tents, incorporating a mesh of suitable conductive material, in which you can enclose your desk to construct a makeshift Faraday cage! But pay attention to where the power cords and data cables enter the cage--- quite a bit about how hard it is to make a good Faraday cage in the Snowden leaks.

zoobab

September 10, 2015

Permalink

Even as the Dark Government screeches that it "needs" [sic] backdoors into all civilian crypto and rants against "the Dark Net", IANA has approved a Tor friendly special use-domain:

http://www.theregister.co.uk/2015/09/10/tors_onion_domain_gets_privacyc…
TOR's .onion domain gets privacy-conscious users off the DNS
Metadata gets a little harder to find
Richard Chirgwin
10 Sep 2015

"IANA has okayed the .onion special-use domain for The Onion Router (TOR) community.
The proposal is designed to get rid of one way TOR users could be snooped by spooks - the footprints they leave in the Domain Name System (DNS) if they're trying to locate a server through DNS requests."

The Russian secret police probably don't have as many technology problems as the epic deficiencies of the American phoebes, but it is notable that their malware contractors seem not to have better luck than NSA malware contractors did in directly attacking Tor:

https://lists.torproject.org/pipermail/tor-talk/2015-September/038944.h…

"A company hired by the Russian Interior Ministry to identify users of
the Tor network, an anonymous Internet browser, has announced its plans to terminate its state contract without finishing the task."

I urge US readers to call their Senators to ask them not to support legal mandates for encryption backdoors, or outlawing Tor. Also, to ask them to oppose DOJ's demands to access private message/email content held in Microsoft/Amazon/Facebook servers overseas. If the DOJ wins in US court, this would establish a precedent threatening vital US-based services used by (for example) Spanish citizens opposed to the Vomit Law, or Greek citizens organizing against harsh austerity programs which are literally starving retirees and other vulnerable persons.

I ask the Project to urgently prepare plans to continue to provide unbackdoored Tor to vulnerable users (bloggers, journalists, human rights workers, expatriates, political dissidents) around the world, in the event that the US Congress passes legislation outlawing Tor or mandating backdoors. Increasing numbers of people are utterly dependent upon Tor and GPG for what little safety is still to be had on our troubled planet.

zoobab

September 12, 2015

Permalink

DHS is trying to end the library program and again we're left uninformed?! A lot of us see this site as the hub for Tor related information. Keeping the community informed is critical to winning otherwise losing battles. This is insane. How difficult would it be to set up a similar forum? https://forum.safenetwork.io/ Public relations is key to the success of all but a few projects. I hope for the sake of everyone directly or indirectly involved that communication is improved soon. If not, sit back kick your feet up and watch the demolition occur.

The Tor community is vast, but it does almost nothing to prevent itself from being marginalized. The leadership has taken great strides to that effect in recent months, but it is too late. I believe that the majority of people who know about Tor see it as a tool to enable criminality. I've worked hard, burning some bridges in the process, to show others the importance of anonymity for some people. In my experience, people are generally fine with most of the world not even having enough food, let alone political freedom. There is probably nothing the Tor community can do now to prevent the network from being made illegal outright, or relay operators from being made criminally liable for what traverses the network.

Tor has always responded to anti-privacy forces with the point that societal security can still be maintained in the presence of widespread Tor usage by traditional law enforcement and intelligence methods.

Tor will lose public support if it is seen as administratively helping empower hostile groups who also work to undermine the traditional methods of investigation.

Tor cannot control who uses it on an individual basis, but a Tor executive director must be cognizant that if and when Tor is seen as organizationally facilitating those groups who _also_ work against traditional and necessary focused investigative methods, the Tor suppressors/haters will gain the support to win their battle. Public sympathy will be lost and sadly (perhaps disastrously) also the righteous use of Tor.

While I have no specific knowledge about the writer's allegation regarding the library program, if the program is allowed to organizationally attract hostile elements in bulk, this cannot be overlooked. Efforts to grow Tor usage will need firm guidance from an executive director capable and willing to make possibly tough decisions with board support if it is not to ultimately destroy all of Tor for everyone.

> Tor will lose public support if it is seen as administratively helping empower hostile groups who also work to undermine the traditional methods of investigation.

> Tor is seen as organizationally facilitating those groups who _also_ work against traditional and necessary focused investigative methods,

What hostile groups work to undermine the traditional methods of investigation? The ACLU? The EFF?

zoobab

September 13, 2015

Permalink

Good executive staff cost plenty and tor's no exception to being compelled to hire only those whom they can afford. No doubt tor's sponsors will also find it unnecessary to fund benefit enhancements. In this class, competent executives come in bundles of ten for a dollar. All this hype is just encouraging applicants to overvalue their own skills.

In passing, I'd like to point out that my FF browser settings, except for Adblock, an antivirus app and enabled bookmarks/favourites, are set at tor/NoScript specs.

From where I sit FF would be close to being redundant - were it not for their very important developmental programs. Thank you, Mozilla

zoobab

September 14, 2015

Permalink

> DHS is trying to end the library program and again we're left uninformed?

Give them a chance, events appear to be moving very quickly and I assume they are busy trying to respond to even more dangerous enemy action. DHS threats against libraries thinking of working with Tor are just one aspect of a concerted attack on all aspects of how the Project does its work and communicates with its userbase.

More generally, various nasties in the USG are ramping up their attacks on human rights organizations:

https://theintercept.com/2015/09/13/two-short-paragraphs-summarize-us-a…
Two Short Paragraphs That Summarize the U.S. Approach to Human Rights Advocacy
Glenn Greenwald
2015-09-13

> A lot of us see this site as the hub for Tor related information.

Agreed, but they have said no-one has time to improve it right now. In the context of simultaneous enemy assaults on many fronts, I have to agree project members need to focus their energies on addressing the most urgent dangers.

@Tor: powerful agencies in the US federal government are pushing hard to have Tor and strong civilian cryptography outlawed outright. Most of the key Tor people are based in the USA or client countries. Same holds true for the infrastructure. If USG outlaws Tor or strong civilian cryptography, do you have a plan for reconstituting the project on an emergency basis in some safe haven? Will key Tor people be willing and able to relocate? Will US residents still be able to obtain un-back-doored Tor client software?

zoobab

September 16, 2015

Permalink

> Good executive staff cost plenty and tor's no exception to being compelled to hire only those whom they can afford. No doubt tor's sponsors will also find it unnecessary to fund benefit enhancements.

I hope, and optimistically believe in the absence of evidence to the contrary, that you are underestimating the fact that talented people want to do good. The opportunity to help prevent the extinction of freedom of movement, expression, religion, and liberty is surely the biggest reason why people want to work for Tor, in either a paid or voluntary capability.

zoobab

September 16, 2015

Permalink

> Tor will lose public support if it is seen as administratively helping empower hostile groups who also work to undermine the traditional methods of investigation.

Could you clarify what you mean by these terms?

1. "administratively empower"

2. "hostile groups" (what are they?)

3. "undermine traditional methods" (how?)

> Tor will lose public support

In the USA? I have the impression that currently, the "educated public" in the US is divided into two groups:

1. people who know almost nothing about Tor but vaguely recall hearing it has something to do with scary hackers on the "dark net"

2. people involved in human rights, relief efforts, activism, journalism, or technology issues, who use Tor and value what it can do to help protect liberty, access to information, and freedom of expression, association, orientation, and religion everywhere.

I further have the impression that the first group is currently overwhelmingly larger than the second. Changing that (making Tor use mainstream and as ubiquitous as Facebook use) should be a priority of the next Executive Director. The way to change perception is by getting the word out, by helping current users to organize local community outreach programs reaching out to local journalists, librarians, teachers, parents, and politicians, in order to explain how Tor can help ordinary citizens stay a bit safer in an increasingly hazardous on-line world.

Many libraries offer public space for public meetings. US Tor users who want to help advance the goals of the project might consider encouraging local librarians to join the library project, and also using community meetings to help ordinary people learn how Tor can help them in their daily life. The Project can help by providing advice on how to approach librarians and how to "pitch" Tor to ordinary people.

>> Tor will lose public support if it is seen as administratively helping empower hostile groups who also work to undermine the traditional methods of investigation.

>Could you clarify what you mean by these terms?

Yes, an example of traditional methods is the interview as generally practiced in democracies by law enforcement.

With reference to your phrase about Tor, "value what it can do to help protect liberty": Protect liberty, you say? We know that the Tor Project cannot prevent Tor's use by religious or political groups of an authoritarian nature, whose core theology for example espouses domination of (sometimes specifically named) other groups everywhere they may exist in the world.

What Tor's leadership can and must do is be careful not to engage in reach-out to hostile groups under whatever umbrella, directly or indirectly. Or risk losing public support. This requires judgment and knowledge that is not necessarily a part of every generic activist.

zoobab

September 16, 2015

Permalink

Great news from the Library Project!

https://lists.torproject.org/pipermail/tor-talk/2015-September/038994.h…
Tempest tempest at bitmessage.ch
Wed 16 Sep 2015

"i just want to share the news that all of the hard work that has gone
into the library freedom project paid off today at kilton library.
despite pressure from the us federal government, which pulled out every card to sell fear that they had in their hat, the local community refused to accept it and thought on a global level to support the library's choice to offer a tor relay to the public."

Many thanks to Allison, the Library Project, and everyone all over the world who has unflinchingly confronted the evil face of authoritarian dark governance.

Government officials insist upon maintaining complete "visibility" into our entire public and private lives, but refuse to grant the public any insight into their own activities. The result is entirely predictable: endemic corruption, overbearing political oppression, and ultimately state-sponsored genocide of the kind occurring in Syria.

It is all of us against all of them, and the stakes in this struggle are enormous. We must not, through passivity or inaction, let the bad guys win.

zoobab

September 18, 2015

Permalink

hello guys... how can I use Tor? I am 1 hour and 23 minutes inside Tor and I don't know very much. I am very new here. Thank you

zoobab

September 20, 2015

Permalink

I downloaded Tor Browser bundle 5.0.2 from torproject.org.

Verifying the signature gave:

gpg: Signature made Thu 27 Aug 2015 12:47:22 PM PDT using RSA key ID D40814E0
gpg: Can't check signature: public key not found

On this page https://www.torproject.org/docs/verifying-signatures.html.en says it should say:

The output should say "Good signature":

gpg: Signature made Tue 24 Jan 2015 09:29:09 AM CET using RSA key ID D40814E0
gpg: Good signature from "Tor Browser Developers (signing key) "
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290

Is this Tor bundle good or should I delete it? The fingerprint was good though.

zoobab

September 24, 2015

Permalink

We (The People) Make Excellent suggestions, then (Tor community) Won't let the people know what is going on. We should have a say! Tor, Please let the people know what is going on Via this Blog. At Least why some of the choices are good or bad ideas. That way the people are at least included in the process, and we might have even more ideas. Why would we, a lot on more ideas when there is no official feedback from reps of TOR. Please keep up the good programming work, just keep us (the People) Informed VIA THIS BLOG!!!

Thanks
NO StackExchange Pls..Or Sux Exchange

zoobab

September 28, 2015

Permalink

> .how can i use tor..i am 1 hour and 23 minute inside tor and i dont know very much

I assume you want to use Tor Browser Bundle (TBB) to browse the internet using Tor.

You need to put two things on your computer:

* GPG
* the Tor Browser Bundle software

To put TBB on your computer, you need to download three files:
* the tar file containing the software
* the detached signature used to verify the tar file
* the public key used to make the signature

You download the first two by pointing your browser to

https://www.torproject.org/download/download-easy.html.en

Make sure you download the correct version for your computer (e.g. 64 bit or 32 bit? Windows or Linux?).

You obtain the public key by typing (in a console or "shell")

gpg --recv-keys 0x93298290

Or if you found it in a web page and downloaded it using a browser, put it in your key storage by typing

gpg --import name-of-key-file.asc

Make sure your GPG has the key you need by typing

gpg --list-keys

Verify the tar file like this:

gpg --verify name.tar.xz.asc name.tar.xz

Notice the signature file is listed first, then the tar file.

GPG should give you a message saying the signature is good.

> gpg: Can't check signature: public key not found

GPG could not find the key used to sign the detached signature on your system. Try again to obtain the key and make sure you imported it into your GPG key store.

Once you have verified the tar file, unpack it using commands like this (may be a bit different on your computer):

unxz name.tar.xz
tar -xvf name.tar

Then navigate into the unpacked directories (folders) looking for a script which starts a Tor-friendly version of the Firefox web browser, which works the same way as Firefox. Just execute that script whenever you want to start using Tor to browse the internet.

Don't forget that you will need to download the current version of TBB as each new version becomes available. You follow the same procedure each time. It gets easier with practice!
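The "Can't check signature: public key not found" output quoted earlier in the thread and the "Good signature" case from the how-to above, as an added example (not the Tor Project's code): it interprets gpg's machine-readable status lines (`gpg --status-fd 1 --verify sigfile tarfile`) and accepts the download only when the primary key fingerprint matches the one published on the verifying-signatures page. The sample status lines, long key ids and subkey fingerprint are constructed placeholders; the published fingerprint is the one quoted in the thread.

```python
"""Interpret gpg status output from checking a Tor Browser detached signature."""
import re
import subprocess
from dataclasses import dataclass

# Primary key fingerprint of the Tor Browser Developers signing key, as quoted
# in the thread from the torproject.org verifying-signatures page.
TOR_BROWSER_FPR = "EF6E 286D DA85 EA2A 4BA7 DE68 4E2C 6E87 9329 8290"

# Status tags after which the file must not be used, whatever else was printed.
FATAL_TAGS = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}


@dataclass
class Verdict:
    ok: bool
    reason: str
    signer_fpr: str = ""   # primary key fingerprint from VALIDSIG, if any
    missing_key: str = ""  # long key id from NO_PUBKEY, if any


def normalize_fpr(fpr: str) -> str:
    """Drop spacing so 'EF6E 286D ...' and 'EF6E286D...' compare equal."""
    return re.sub(r"\s+", "", fpr).upper()


def interpret_status(lines, expected_fpr: str = TOR_BROWSER_FPR) -> Verdict:
    """Turn '[GNUPG:] ...' status lines into a verdict about the download."""
    parsed = [f for f in (ln.strip().split() for ln in lines)
              if len(f) >= 2 and f[0] == "[GNUPG:]"]  # skip human-readable text
    tags = {f[1] for f in parsed}

    if "NO_PUBKEY" in tags:
        # The thread's case: gpg had no copy of the signing key, so nothing at
        # all has been verified yet. (gpg also emits ERRSIG here; NO_PUBKEY wins.)
        keyid = next((f[2] for f in parsed if f[1] == "NO_PUBKEY" and len(f) > 2), "")
        return Verdict(False, "public key not found; import the signing key and retry",
                       missing_key=keyid)
    if tags & FATAL_TAGS:
        return Verdict(False, f"gpg reported {sorted(tags & FATAL_TAGS)}; do not use the file")

    primary_fpr = ""
    for f in parsed:
        if f[1] == "VALIDSIG" and len(f) >= 3:
            # Field 2 is the signing (sub)key fingerprint; when a subkey signed,
            # the primary key fingerprint follows as the 12th field.
            primary_fpr = f[11] if len(f) >= 12 else f[2]
    if "GOODSIG" not in tags or not primary_fpr:
        return Verdict(False, "no GOODSIG/VALIDSIG lines; nothing was verified")

    fpr = normalize_fpr(primary_fpr)
    if fpr != normalize_fpr(expected_fpr):
        # "Good signature" on its own proves little: anyone can create a key with
        # the same user id. Only the fingerprint ties it to the real signing key,
        # which is why gpg's "not certified" WARNING must not be the last check.
        return Verdict(False, "good signature, but not from the published key", signer_fpr=fpr)
    return Verdict(True, "good signature from the published Tor Browser key", signer_fpr=fpr)


def verify_download(sig_path: str, file_path: str,
                    expected_fpr: str = TOR_BROWSER_FPR) -> Verdict:
    """Run gpg on a real pair (signature file first, then the data file)."""
    proc = subprocess.run(["gpg", "--status-fd", "1", "--verify", sig_path, file_path],
                          capture_output=True, text=True, check=False)
    return interpret_status(proc.stdout.splitlines(), expected_fpr)


# Constructed sample output, not captured from a real run. Long key ids and the
# subkey fingerprint are placeholders ending in the short id D40814E0 seen in
# the thread; the primary fingerprint in SAMPLE_GOOD is the published one.
SAMPLE_NO_PUBKEY = [
    "gpg: Signature made Thu 27 Aug 2015 12:47:22 PM PDT using RSA key ID D40814E0",
    "[GNUPG:] ERRSIG ABCDEF12D40814E0 1 10 00 1440704842 9",
    "[GNUPG:] NO_PUBKEY ABCDEF12D40814E0",
    "gpg: Can't check signature: public key not found",
]
SAMPLE_GOOD = [
    "[GNUPG:] GOODSIG ABCDEF12D40814E0 Tor Browser Developers (signing key)",
    "[GNUPG:] VALIDSIG 00112233445566778899AABBCCDDEEFFD40814E0 2015-01-24 1422088149"
    " 0 4 0 1 10 00 EF6E286DDA85EA2A4BA7DE684E2C6E8793298290",
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",  # the 'not certified' WARNING in status form
]
SAMPLE_WRONG_KEY = [
    "[GNUPG:] GOODSIG 0123456789ABCDEF Tor Browser Developers (signing key)",
    "[GNUPG:] VALIDSIG " + "0" * 40 + " 2015-01-24 1422088149 0 4 0 1 10 00 " + "0" * 40,
    "[GNUPG:] TRUST_UNDEFINED 0 pgp",
]

if __name__ == "__main__":
    for name, sample in [("missing key", SAMPLE_NO_PUBKEY), ("good", SAMPLE_GOOD),
                         ("impostor", SAMPLE_WRONG_KEY)]:
        print(f"{name:12s} -> {interpret_status(sample)}")
```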

zoobab

October 01, 2015

Permalink

Two bombshell stories in The Intercept should help encourage Tor Project developers to keep up their good work, and may help Project leaders to fend off current political attacks by people like FBI Director James Comey.

One key argument used by privacy advocates and cybersecurity experts in CryptoWars II is that putting in encryption backdoors for use by the US invites other actors to exploit "lawful access" capabilities.

Now James Bamford (author of three books on NSA) reveals

* as was long suspected, NSA was responsible for the notorious cyberespionage operation in which the phones of leading Greek politicians, bankers, reporters and other "persons of interest" were tapped undetected for years; the secret surveillance was accidentally discovered in 2005
* as was immediately suspected, USIC may have been involved in the mysterious suicide of a Greek telco engineer who apparently had knowledge of the antecedent secret NSA surveillance program, in which NSA got itself *invited* by the Greek government to snoop "temporarily" [sic] during the Athens Olympics
* NSA had told the Greek government it would pack up and go home after the Athens games, but of course it was lying
* In fact, NSA continued and expanded their spying on Vodafone Greece customers by exploiting the fact that Greek telecoms were using commercial systems with a "lawful intercept" capability which had not been used by the Greek government: NSA intruders simply quietly turned on this capability and used it to target leading Greek politicians
* Targeted phone calls were cc'd to secret NSA burner phones and then secretly conveyed back to NSAW
* Supporting documents from the Snowden trove show that NSA and GCHQ attempt to exploit lawful access protocols mandated by CALEA (US), ETSI (EU and UK), SORM (Russia) to secretly spy on their own targets in countries which use "lawful access" systems sold by E
* To exploit "lawful access" systems, NSA intercepts satellite, microwave, and fiber optic data links; in addition SSO (Special Source Operations) provides access to cables, performs "black job" burglaries, and TAO (Tailored Access Operations) performs cyberintrusions into police agency networks
* CIA has implemented its own dragnet surveillance of GSM calls in the EU, and shares the stolen information with NSA

The principal lesson for governmental and corporate "partners" of USIC: you can't trust spooks! NSA told Google, "if you give us what we want voluntarily [PRISM], we won't break into your private networks", but that was a lie. They told Greece, "let us help you ensure nothing untoward happens during the Athens games by letting us into your telco networks, and we'll shut it down as soon as the games are over", but that was a lie. There are dozens of other equally stark examples in the Snowden leaks. Spooks lie. Constantly. It's an essential element of their evil ethos. It's simply in their nature to lie. So don't trust 'em. Ever.

See

https://theintercept.com/2015/09/28/death-athens-rogue-nsa-operation/
Did a Rogue NSA Operation Cause the Death of a Greek Telecom Employee?
James Bamford
29 Sep 2015

Once again, the Snowden leaks have confirmed in detail "paranoid" suspicions expressed by well-informed observers years earlier:

http://p10.hostingprod.com/@spyblog.org.uk/blog/2006/02/vodafone_greece…
> ...
> The list of 44 surveillance targets (some of whom had more than one Vodafone phone) also includes some Arabic businessmen , as well as the Government politicians, opposition politicians and military personnel. The Sunday Times also reports the suspicious timing of the suicide of a key Vodafone employee: "As part of the government’s investigation into the scandal, the suicide of Kostas Tsalikidis, 39, Vodafone Greece’s head of network design, is being re-examined by police. Tsalikidis was found hanged in his Athens flat on the morning of March 9, 2005, two days after the ghost program had been discovered and shut down by George Koronias, the Vodafone general manager, and a day before the prime minister’s office was informed."

The lesson for American politicians is of course that anything NSA can do to Russia, China can do to the USA. NSA exploits of SORM show that Chinese cyberspies can potentially exploit any mandatory encryption backdoor system, or mandatory real-name registry, or mandatory "suspicious activity reporting" to harm US citizens, if such systems are implemented in the US.

In a second bombshell story, Ryan Gallagher confirms what privacy advocates (and sometimes spooks!) have been warning about for years: everyone is a target, everyone is an eternal suspect of past, present or future activity possibly deleterious to the interests of the ruling elite. No child is too innocent, no grandmother's emails too boring, no electronic device is too isolated to escape the interest of the modern spook. Your education, employment records, travel records, medical records, your fingerprints, voiceprint, iris scans, vein patterns, your family history, all are stolen and mined for clues. Your tweets, instant messages, emails, private messages, search logs, websurfing logs, geolocation beacons, all are being continuously monitored by agencies such as GCHQ.

The accompanying documents show that

* By May 2011 GCHQ used 1600 10 Gbps bearers (taps of fiber optic cables), more than half NOT landing in the UK, each costing about 20,000 pounds and collecting on average 200 million events per day
* BLACK HOLE is a "flat storage" buffer which holds onto unanalyzed stolen data on the assumption some of it might later be useful; about 10 billion events are added every day,
* "events" include someone logging on to an ISP, sending a text message, uploading a draft email, making a call on a smart phone, getting a webpage (about 40% of the data in BLACK HOLE is of this type), etc.,
* this adds up to a lot of data; GCHQ recorded about 10^12 events from Aug 2007 to Mar 2009; BLACK HOLE sucked up about 200 GB/day in 2011
* GCHQ relies on Apache HADOOP clusters using GoogleMaps to do initial analysis and classification
* the QFDs are Oracle databases running under RedHat Enterprise Linux
* To provide data to their army of analysts, GCHQ favors QFDs (Query Focused Databases), which are huge but simply constructed databases designed to answer a very specific question ("was Ryan Gallagher on-line at 0900 GMT on 1 April 2009?"), and to use "convergence" databases to pull data from multiple databases to provide a detailed picture of a target's "pattern of life", for example presenting not only POTS calls from an old-fashioned handset but VOIP calls made using a smart phone,
* KARMA POLICE attempts to log the websurfing of everyone using the internet
* INFINITE MONKEYS attempts to maintain a database of everyone in the world who joins any webforum in the world using VBulletin, and to track their posting history; in 2007 this database was rated as one of GCHQ's best sources of intelligence
* SOCIAL ANTHROPOID (which painfully replaced several earlier systems) attempts to track all social media activity of everyone who uses Facebook or other such sites,
* SAMUEL PEPYS attempts to provide a real time diary of what everyone on the internet is doing as they do it (the example in a secret GCHQ presentation shows someone using a computer in Sweden browsing to a cryptome.org page collecting pictures of GCHQ physical infrastructure)
* MUTANT BROTH collects TDIs (target definition identifiers), e.g. internet "e-litter" by which people such as telco engineers, journalists, national and local politicians, CEOs, police officers, and environmentalists can be identified and targeted for cyberespionage,
* GCHQ logs everyone in the UK, US and other countries who listens to internet radio
* GCHQ knows how to decode Yahoo-Y-cookies (which use ROT-13 to disguise the username; insert sarcastic smiley here), but also exploits Microsoft MSUID, Facebook, and Google SID cookies to spy on everyone who encounters Yahoo, Microsoft, Facebook, or Google on line (i.e, everyone)
* TRIBAL CARNEM feasts upon Radius servers to alert analysts by email that their "target" is on-line
* MARBLED GECKO spies on everyone using Google mapping/geolocation services

It is impossible to overemphasize a key point about the latest leaked documents: these repeatedly boast about providing "population scale" access to "unselected" "content" in various types of data which an ordinary person would naturally regard as "private", such as private messages sent between users of VBulletin forums. Translation: the content of every item of data is collected and made available, regardless of whether the source or destination IP has been specifically targeted or satisfies some "selection" criterion. Everyone is a target. Everyone is continually under suspicion of possibly in future "doing something". Everyone. Your grandma, your son, teachers, academic research scientists, US federal judges. Everyone.

If the spooks get their way, in the near future your heartrate, and other personal physiological data will also be monitored in real time. Eventually, if DARPA can figure out how to remotely scan brain functioning, not even your innermost thoughts will be free from scrutiny. It is no secret that American researchers are working very hard to achieve these goals. No doubt Chinese and Russian researchers are working just as hard.

All this may seem daunting but there are reasons for optimism:

* 97% of the stolen data GCHQ passes from their buffer to long term storage is never viewed.
* Tor can help, by making the bad guys' snooping more expensive, unreliable, and uncertain.
* Encryption works. (As long as you are using something substantially better than ROT13.)
* A high level GCHQ memo explains that their real fear about encryption (Google etc) is that they won't be able to spy on absolutely everyone anymore but will have to pick their targets. Reason: they can usually evade https or decrypt GSM (using stolen keys) but this is too expensive to do to absolutely everyone in the world. Currently.
* GCHQ badness follows a strict daily rhythm: analysts work during the day and batch processing is run overnight; this can be exploited.
* Another GCHQ memo states that an increasingly important goal is improving the dismal public perception of GCHQ. So they're worried.

Glenn Greenwald writes that his first shock, when he met Snowden, was how young he looked. His second was when Greenwald mentioned GCHQ and Snowden replied "Oh, they're even worse than NSA!". The GCHQ documents starkly illustrate the dangers of not having a written Constitution. In his book The Gulag Archipelago, Solzhenitsyn remarks that the USSR had a very fine Constitution; the problem was that its courts were too timorous to try to enforce it. That is why, he says, so many human rights abuses occurred in the USSR. The recent history of the USA, as revealed in NSA leaks from the Snowden trove, clearly shows that the USA enjoys no magical immunity from similar abuses, for the same reason.

See

https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-use…
From Radio to Porn, British Spies Track Web Users’ Online Identities
Ryan Gallagher
25 Sep 2015

zoobab

October 02, 2015

Permalink

Is Tor Project a "non-profit organization" or a "company"?

http://www.businesswire.com
Norse Appoints Andrew Lewman as First VP of Data Development
Technology Executive to Lead New Live Threat Intelligence Initiative
3 Aug 2015

"Most recently, Lewman was executive director and CEO at the Tor Project, a non-profit technology organization that provides online anonymity software tools used by over 2 million Internet users daily in more than 200 countries. In this position, he grew Tor from a three-person non-profit to a 50+ person company in eight countries with a pool of over 5000 volunteers in 89 countries."

There are a few other statements in the quoted press release which may possibly raise a few quizzical eyebrows.

zoobab

October 07, 2015

Permalink

Maybe this is an old Deadhead memory cracking through here, but how about considering John Perry Barlow?

zoobab

October 10, 2015

Permalink

Just Another Thought! What I think Tor, TOR, Tor should Not worry with keeping up with the latest tech, Bio photos, Newest I-Junk, F^ Bitwatches Etc Etc, But should Just continue to keep All of OUR Internet Safe And Private/Secure For All Peoples. Thank You Again.

zoobab

October 19, 2015

Permalink

Why has Tor Project remained silent on the most important computer security story of the year?

Tor users who have heard about Logjam probably know the problem affects their web browsing with TBB or Tails, but they need to know about a security trade-off, until server admins delete the weak DHE (Diffie-Hellman key exchange) from their public key cipher suites, which are used to create and exchange session keys for symmetric ciphers which then protect the data stream between server and client.

Basically, it seems that NSA has placed Tor Browser users in a jam: either we can manually remove the weak DHE from our Tor browser cipher suite, which risks breaking perfect forward secrecy, or we can allow NSA to decrypt our traffic on the fly. Once all the world's sysadmins have fixed the cipher suites offered by their servers, we should be fine, but until then it seems Tor users may face a tough choice.

Note that this issue involves a state-sponsored global attack on "data in motion", not "data at rest". But there may also exist an exploitable and easily fixed problem with common implementations of LUKS encryption using AES (see the end of this post).

Here is some background information:

Back in 2012, James Bamford (author of three books on NSA) revealed that NSA had achieved a major breakthrough in cryptanalysis and that a key function of the enormously expensive Utah Data Center in Bluffdale, UT (plus its backup in San Antonio and additional NSA data centers now opening in other locations) is to facilitate on the fly decryption of all the world's web traffic (including banking transactions):

http://www.wired.com/2012/03/ff_nsadatacenter/all/1
The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say)
James Bamford
15 Mar 2012

> The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle—financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications—will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”
> ..
> The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”

Note that as per its usual "collect it all whatever it takes" mantra, NSA did not warn those who administer the global financial system to fix their servers, they used the vulnerability of weak DHE to break (a large fraction of) all the world's encrypted data streams. These agencies have gone so far off the reservation that it seems reasonable to doubt whether the US Congress could eliminate NSA/CIA simply by defunding them, since they evidently have independent and highly lucrative sources of illicit funding.

In May 2015, a group of respected researchers including Matthew Green and Nadia Heninger revealed that NSA's breakthrough probably involves precomputing enough information about 1024 bit DHE using a small number of very widely used primes, and then exploiting software vulnerabilities to trick servers into using the weak crypto, which can then be broken to reveal the session key, after which traffic is easily decrypted "on the fly":

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice
David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry, Matthew Green, J. Alex Halderman, Nadia Heninger, Drew Springall, Emmanuel Thomé, Luke Valenta, Benjamin VanderSloot, Eric Wustrow, Santiago Zanella-Béguelin, and Paul Zimmermann
22nd ACM Conference on Computer and Communications Security
Oct 2015

The paper was published on 13 Oct 2015 and has caused a well deserved world-wide sensation:

https://weakdh.org/
Weak Diffie-Hellman and the Logjam Attack

> Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections.
> ...
> Breaking the single, most common 1024-bit prime used by web servers would allow passive eavesdropping on connections to 18% of the Top 1 Million HTTPS domains. A second prime would allow passive decryption of connections to 66% of VPN servers and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break.

Specifically, the researchers have found that if 1024 bit Diffie-Hellman key exchange using the most commonly used primes has been broken by NSA precomputation, NSA can decrypt on the fly the following:

HTTPS — Top 1 Million Domains 17.9%
HTTPS — Browser Trusted Sites 6.6%
SSH — IPv4 Address Space 25.7%
IKEv1 (IPsec VPNs) — IPv4 Address Space 66.1%

Some of us raised the issue of rampant and needless overuse of the same small set of primes many years ago, but were ignored. It is now obvious that our fears were well founded.

So what to do? Fortunately, effective fixes are easy. The only challenge is getting every sysadmin to take a few minutes to implement the fix.

If you administer a server, this is what you need to do:

https://weakdh.org/sysadmin.html

If you use a web-browser (and since you are reading this, you probably do!) this is what you need to do:

https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-…
How to Protect Yourself from NSA Attacks on 1024-bit DH
Joseph Bonneau and Bill Budington
15 Oct 2015

In particular, whenever you start Tor Browser in Tails you can quickly go into about:config and toggle the weak DHE to false. If you use persistence, or use TBB running under a persistent OS, you only need do this once.

But there is a very important caveat for Tor Browser users: depending upon which servers you use, removing the weak DHE from your browser cipher suite can break perfect forward secrecy, one of the most vital elements of modern websurfing with TBB or Tails.

There is reason to hope that this time server admins will pay attention and get cracking fixing their implementations.

Everyone agrees this is a really, really important global vulnerability which affects everyone on the web:

El Reg:

http://www.theregister.co.uk/2015/10/19/nsa_crypto_breaking_theory/
Let's talk about that NSA Diffie-Hellman crack
'Logjam' crypto bug researchers expand on theory in talk
19 Oct 2015

Bruce Schneier:

https://www.schneier.com/blog/archives/2015/10/breaking_diffie.html
Breaking Diffie-Hellman with Massive Precomputation (Again)

Steve Bellovin:

https://www.cs.columbia.edu/~smb/blog//2015-10/2015-10-15.html
I'm Shocked, Shocked to Find There's Cryptanalysis Going On Here (Your plaintext, sir.)
Steve Bellovin
15 October 2015

Nicholas Weaver:

https://www.lawfareblog.com/nsa-and-weak-dh
The NSA and Weak-DH
Nicholas Weaver
15 Oct 2015

Robert Graham:

http://blog.erratasec.com/2015/10/dh-1024-in-bitcoin-terms.html
DH-1024 in Bitcoin terms
Robert Graham
16 Oct 2015

Ars:

http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions…
How the NSA can break trillions of encrypted Web and VPN connections
Dan Goodin
15 Oct 2015

Slate:

http://www.slate.com/blogs/future_tense/2015/10/16/researchers_say_the_…
This Common Cryptography Method Is Alarmingly Vulnerable
Josephine Wolff
16 Oct 2015

Halderman and Heninger (two of the coauthors of the landmark paper):

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breakin…
How is NSA breaking so much crypto?
Alex Halderman and Nadia Heninger
14 Oct 2015

Logjam affects "data in motion". NSA, FBI, and other kleptographers also attack "data at rest", such as encrypted hard drives and USB sticks. Tails is based on Debian, and so when you use Tails to create a LUKS encrypted partition it appears to be vulnerable to a problem in which someone apparently misunderstood a protocol and needlessly doubled a key, so that it appears that 512 bit LUKS encryption actually means 256 bit, i.e. 128 bits of security (see Bruce Schneier's explanation of collisions). When you create a LUKS encrypted partition on an internal hard drive during installation of Debian on a PC or laptop, you get "512 bit AES", but when you create a LUKS encrypted USB under Tails, you only get "256 bit AES", which may mean only 64 bits of security. If so, this is a problem because so many people have moved to keeping their data on USB rather than an internal hard drive. If so, when LUKS is used to encrypt terabytes of data, this could become a problem.
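The precompute-once, break-many structure described in the weakdh.org quote above, as an added toy example (not code from the Logjam authors or the Tor Project): a 31-bit prime stands in for a 1024-bit one and a baby-step giant-step table stands in for the number field sieve's prime-specific first stage. It assumes the constructed group p = 2^31 - 1, g = 7, and a second prime 2^31 - 19 to show that a table built for one prime is worthless against another, which is why the sysadmin advice to generate unique groups (or move to 2048 bits) works.

```python
"""Toy model of the Logjam economics: precompute once per prime, break many exchanges."""
from math import isqrt
import random

# Constructed toy group. p = 2^31 - 1 is prime and g = 7 is a primitive root of
# it (the MINSTD generator's constants). Real DHE groups are 1024 bits and up;
# the point is only that the table below depends on (p, g), not on any session.
P = 2**31 - 1
G = 7
OTHER_P, OTHER_G = 2**31 - 19, 3  # a second prime group, for the non-transfer check


def precompute(p: int, g: int) -> dict:
    """The expensive, per-group stage: a baby-step giant-step table for (p, g).

    This stands in for the number field sieve's first stage in the paper, which
    likewise depends only on the prime and is amortised over every connection
    that uses it.
    """
    m = isqrt(p - 1) + 1
    baby, cur = {}, 1
    for j in range(m):               # g^j -> j
        baby.setdefault(cur, j)
        cur = cur * g % p
    return {"p": p, "m": m, "baby": baby, "giant": pow(g, -m, p)}  # g^-m


def dlog(h: int, table: dict) -> int:
    """Cheap per-target stage: find x with g^x == h (mod p) using the table."""
    p, m, baby, giant = table["p"], table["m"], table["baby"], table["giant"]
    gamma = h % p
    for i in range(m):               # h * g^(-i*m) eventually lands in the baby table
        if gamma in baby:
            return i * m + baby[gamma]
        gamma = gamma * giant % p
    raise ValueError("no discrete log found (h outside the subgroup of g)")


def dh_exchange(p: int, g: int, rng: random.Random):
    """One constructed DHE handshake: public values A, B and the shared secret."""
    a, b = rng.randrange(2, p - 1), rng.randrange(2, p - 1)
    A, B = pow(g, a, p), pow(g, b, p)
    return A, B, pow(B, a, p)


def passive_break(A: int, B: int, table: dict) -> int:
    """Recover the session secret from the two public values alone."""
    return pow(B, dlog(A, table), table["p"])


def break_many(n: int, seed: int = 2015) -> int:
    """Break n independent exchanges in group (P, G) from ONE precomputation."""
    rng, table, hits = random.Random(seed), precompute(P, G), 0
    for _ in range(n):
        A, B, shared = dh_exchange(P, G, rng)
        hits += int(passive_break(A, B, table) == shared)
    return hits


def table_transfers(seed: int = 2015) -> bool:
    """Does the (P, G) table break an exchange made in a different prime group?"""
    rng = random.Random(seed)
    table = precompute(P, G)
    A, B, shared = dh_exchange(OTHER_P, OTHER_G, rng)
    try:
        return passive_break(A, B, table) == shared
    except ValueError:
        return False


if __name__ == "__main__":
    print("exchanges broken with one table:", break_many(20))     # 20
    print("same table works on another prime:", table_transfers())  # False
    # Mitigations follow directly: a unique group per server forces the attacker
    # to repeat the per-prime stage, and 2048-bit groups make it unaffordable.
```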

zoobab

October 21, 2015

Permalink

Thank you for reminding me about the earlier post. Also relevant to our discussion:

https://lists.torproject.org/pipermail/tor-talk/2015-October/039319.html
How the NSA breaks Diffie-Hellmann
Nick Mathewson
21 Oct 2015

As I understand it so far:

o current Tor was already immune from the malicious downgrade (first part of the attack as used by NSA)

o probably safe for a user to toggle off the weak DHE in about:config, since if I understand correctly this should not affect perfect forward secrecy in Tor circuits (but see note below), and this might offer some benefit in the last hop (exit to server)

o within a year developers expect Tor to be immunized from LOGJAM (weak DHE will be banished entirely)

I request arma to post an explainer of the issues tailored to users of Tor Browser (Bundle/Tails). My questions include:

1. In

client <==> entry <==> relay <==> guard <==> https server

users also gain from protecting the last connection; are there present/future-proof security/anonymity tradeoffs here for Tor users trying to decide whether to manually toggle off the weak DHE in about:config (as per EFF advice)? If so, what are they?

2. To avoid future attacks based on state-sponsored precomputation projects, should we worry about standardizing choice of one curve for elliptic curve cryptography?

> Also you seem very confused about how XTS mode works.

Non-cryptographers frequently become confused about technical issues in cryptography, yet we have a critical need to use such technology wisely, so we could always use some helpful explanations/advice.

I presume you found fault with my concern about AES full disk encryption. Let me try to rephrase:

1. When you install Debian stable to an "almost-full" LUKS encrypted hard disk, cryptsetup assures you of a 512 bit key. When you use the Tails/Debian-gnome provided disk utility to create a LUKS encrypted volume on USB or external hard drive, for some reason I don't understand, it seems that you only get a 256 bit key. Particularly in cases where the external hard drive is bigger than the disk drive, could this be a security risk? If so, any advice about a better method of creating an encrypted volume?

2. Is the LUKS standard method (AES-XTS) secure and reasonably future-proof when encrypting a multi-TB external hard drive which initially is mostly empty?

TIA.
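The "512 bit" versus "256 bit" LUKS question raised in both comments above turns on how cryptsetup reports key sizes for XTS: XTS mode consumes two independent AES keys, and the "MK bits" figure in a LUKS1 header is their combined length, so aes-xts-plain64 with a 512-bit master key is AES-256 and with a 256-bit master key it is AES-128, while single-key modes such as cbc-essiv report the AES key size directly. The following script is an added example, not code from the thread or from the cryptsetup project; it parses the LUKS1 `cryptsetup luksDump` text format and reports the effective AES key length. The two header dumps embedded in it are constructed to mirror the two configurations the commenter describes (installer-created volume reporting 512 bits, disk-utility volume reporting 256 bits); the device names and digests in them are placeholders. To check a real volume, feed it the output of `cryptsetup luksDump <device>` (a LUKS1 header; LUKS2 uses a different layout that this parser does not handle).

```python
"""Report the effective AES key size of a LUKS1 volume from its luksDump text.

cryptsetup's "MK bits" is the size of the whole master key.  XTS splits that
key into two independent AES keys, so the AES key length is MK bits / 2.
Other modes (cbc-essiv, cbc-plain, ...) use the master key as a single AES key.
"""
import re

# How many AES keys each cipher mode carves out of the master key.
# Anything not listed here is treated as a single-key mode.
KEYS_PER_MODE = {"xts": 2}

# Constructed sample: what a Debian-installer style LUKS1 volume reports.
# Device name and digest bytes are placeholders, not real values.
INSTALLER_DUMP = """\
LUKS header information for /dev/sdX2   (placeholder device)

Version:       \t1
Cipher name:   \taes
Cipher mode:   \txts-plain64
Hash spec:     \tsha256
Payload offset:\t4096
MK bits:       \t512
MK digest:     \t00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33
"""

# Constructed sample: a volume created with a 256-bit key (the "256 bit AES"
# the commenter saw from the GNOME disk utility).  Placeholder values again.
DISK_UTILITY_DUMP = """\
LUKS header information for /dev/sdY1   (placeholder device)

Version:       \t1
Cipher name:   \taes
Cipher mode:   \txts-plain64
Hash spec:     \tsha256
Payload offset:\t4096
MK bits:       \t256
MK digest:     \tff ee dd cc bb aa 99 88 77 66 55 44 33 22 11 00 ff ee dd cc
"""

FIELD_RE = re.compile(r"^\s*(Version|Cipher name|Cipher mode|MK bits):\s*(.+?)\s*$")


def parse_luks_dump(text: str) -> dict:
    """Extract the fields we need from LUKS1 luksDump output.

    Raises ValueError if the header is not LUKS1 or a required field is absent,
    rather than silently reporting a key size for a layout we do not understand.
    """
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    if fields.get("Version") != "1":
        raise ValueError("expected a LUKS1 header (Version: 1)")
    missing = {"Cipher name", "Cipher mode", "MK bits"} - fields.keys()
    if missing:
        raise ValueError(f"luksDump output lacks: {sorted(missing)}")
    return {
        "cipher": fields["Cipher name"],
        # "xts-plain64" -> "xts", "cbc-essiv:sha256" -> "cbc"
        "mode": fields["Cipher mode"].split("-", 1)[0],
        "mk_bits": int(fields["MK bits"]),
    }


def effective_key_bits(info: dict) -> int:
    """AES key length actually used for encryption, given the parsed header."""
    return info["mk_bits"] // KEYS_PER_MODE.get(info["mode"], 1)


def describe(text: str) -> str:
    """One-line human-readable summary, e.g. 'AES-256 in xts mode (master key 512 bits)'."""
    info = parse_luks_dump(text)
    bits = effective_key_bits(info)
    return f"{info['cipher'].upper()}-{bits} in {info['mode']} mode (master key {info['mk_bits']} bits)"


if __name__ == "__main__":
    for label, dump in (("installer", INSTALLER_DUMP), ("disk utility", DISK_UTILITY_DUMP)):
        print(f"{label:13s}: {describe(dump)}")
```

Running it prints AES-256 for the 512-bit header and AES-128 for the 256-bit one; the parser deliberately refuses non-LUKS1 headers instead of guessing, since the "MK bits" line and its meaning are specific to that format.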