Date: Tue, 20 Oct 2015 09:51:59 +0200 (CEST)
From: karsten.n@mailbox.org
To: tor-talk <tor-talk@lists.torproject.org>
Message-ID: <641167991.942.1445327519824.JavaMail.open-xchange@ox1app>
Subject: [tor-talk] How the NSA breaks Diffie-Hellmann

Hello,

the paper "How is NSA breaking so much crypto?" got the Best Paper Award
at ACM CCS in Oct. 2015.

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/

Diffie-Hellman is a cornerstone of modern cryptography used for VPNs,
HTTPS websites, email, and many other protocols. The paper shows that many
real-world users of Diffie-Hellman are likely vulnerable to state-level
attackers.

A state-level attacker like the NSA can pre-compute the most commonly used
1024 bit DH parameter sets which are recommended in RFC 2409. If
pre-computation was done for the two most commonly used DH parameter sets,
the NSA can break 2/3 of VPN connections, 1/4 of SSH connections and 1/5 of
SSL/TLS connections on-the-fly.

EFF.org recommends disabling DHE ciphers in Firefox and Chrome:
"How to Protect Yourself from NSA Attacks on 1024-bit DH"
https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH

Another, more advanced solution for TorBrowser would be possible. You can
increase the min. length for DH parameters to 2048 bit in the NSS lib. The
min. length for DH parameters was set to 1024 in NSS 3.19.1 to avoid the
Logjam attack. Maybe it is time to increase it to 2048 bit?
https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes

Karsten N.
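
An added example, not part of the original post: a small auditor that parses DER-encoded DH parameters (PKCS#3), applies the 2048-bit floor the post proposes, and flags the shared 1024-bit group from RFC 2409. The function names and the `MIN_DH_BITS` policy constant are hypothetical, and the sample blob is constructed by the encoder at the bottom.

```python
# Added example, not from the original post. MIN_DH_BITS is an assumed policy value.
MIN_DH_BITS = 2048
# 1024-bit prime of Oakley Group 2 (RFC 2409, section 6.2), shared by many deployments.
OAKLEY_GROUP2_P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE65381 FFFFFFFF FFFFFFFF
""".split()), 16)
WELL_KNOWN = {OAKLEY_GROUP2_P: "RFC 2409 Oakley Group 2"}

def _read_tlv(buf, pos, tag):
    """Read one DER element with the expected tag; return (value, next_pos)."""
    if len(buf) < pos + 2 or buf[pos] != tag:
        raise ValueError("missing or unexpected DER tag")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return buf[pos:pos + length], pos + length

def parse_dh_params(der):
    """PKCS#3 DHParameter ::= SEQUENCE { prime INTEGER, base INTEGER, ... }"""
    seq, _ = _read_tlv(der, 0, 0x30)
    p_raw, pos = _read_tlv(seq, 0, 0x02)
    g_raw, _ = _read_tlv(seq, pos, 0x02)
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def audit_dh_params(der):
    """Return policy findings for DER-encoded DH parameters; [] means pass."""
    p, _g = parse_dh_params(der)
    findings = []
    if p.bit_length() < MIN_DH_BITS:
        findings.append("prime is %d bits, below %d" % (p.bit_length(), MIN_DH_BITS))
    if p in WELL_KNOWN:
        findings.append("shared group: " + WELL_KNOWN[p])
    return findings

# The two helpers below only build constructed sample input for the auditor.
def _der(tag, body):
    n = len(body)
    size = (n.bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + hdr + body

def encode_dh_params(p, g):
    ints = [_der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (p, g)]
    return _der(0x30, b"".join(ints))
```

For real input, pass the base64-decoded body of a `DH PARAMETERS` PEM file to `audit_dh_params`.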

