Delivery-Date: Wed, 17 Sep 2014 20:07:47 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 2A86B1E0B87;
	Wed, 17 Sep 2014 20:07:45 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id E14832E4C7;
	Thu, 18 Sep 2014 00:07:40 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 82A3A2E44C
 for <tor-talk@lists.torproject.org>; Thu, 18 Sep 2014 00:07:37 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id IcmFBZ9pgO5K for <tor-talk@lists.torproject.org>;
 Thu, 18 Sep 2014 00:07:37 +0000 (UTC)
Received: from mail2.eff.org (mail2.eff.org [173.239.79.204])
 (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (Client did not present a certificate)
 by eugeni.torproject.org (Postfix) with ESMTPS id 608FC23ECD
 for <tor-talk@lists.torproject.org>; Thu, 18 Sep 2014 00:07:37 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=eff.org;
 s=mail2; 
 h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:To:From:Date;
 bh=qizpO9gQwzR6IVPO2h0GTP9u3q3oX4A4nFC7BLCujTc=; 
 b=Z4yi3DOxMf9YWJ3xoH1QZ24U+rI87ewNI5rkuS42fcbpHm4l2nyNxGonn42Irhj1/KqtB/q1ZPymJR9KX1sv36v8newZlih+eLPpqmFZTwTHf89fNFsMgLSHkWuW0cIo9nRTbABr77kN1oR3A+51tY5W0rvfBZ8tw5ut6WHB23s=;
Received: from localhost ([127.0.0.1]:35544 helo=sescenties)
 by mail2.eff.org with esmtp (Exim 4.80)
 (envelope-from <schoen@eff.org>) id 1XUPG2-0005qt-OK
 for tor-talk@lists.torproject.org; Wed, 17 Sep 2014 17:07:34 -0700
Date: Wed, 17 Sep 2014 17:07:34 -0700
From: Seth David Schoen <schoen@eff.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140918000733.GR5127@sescenties.(null)>
References: <156b8eed2e9dc784c15c238afc028330.squirrel@bitmailendavkbec.onion>
 <CAD2Ti29evbkQ5vRJxkEbx=L+hKypUsVdZY7aFuCkktXU=xMpsA@mail.gmail.com>
 <1410994840.10492.7.camel@anglachel>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1410994840.10492.7.camel@anglachel>
User-Agent: Mutt/1.5.21 (2010-09-15)
Received-SPF: skipped for local relay
Received-SPF: skipped for local relay
Subject: Re: [tor-talk] wake up tor devs
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Ted Smith writes:

> There's a reason why the NSA has "Tor Stinks" presentations and not "I2P
> stinks" presentations. 

I don't know of a good basis for estimating what fraction of NSA's
capabilities or lack of capabilities we've learned about.  And even
when someone _working at NSA_ writes that attack X doesn't work or
doesn't exist, they may not know that attack Y achieves some of the
same goals.  For example, there were press reports that there was
some major cryptanalytic breakthrough a few years ago and that it has
far-ranging implications*.  I don't think the details have ever become
public; a best-case-for-cryptographic-privacy scenario might be that it's
"only" an operationalized, albeit expensive, attack against 1024-bit RSA
or DH (one of the possibilities considered in Matthew Green's analysis).
In any case, many people working on surveillance within NSA might not know
what the breakthrough is or how it works, and may still be assiduously
working on attacks that in principle are largely redundant with it.

(Their NSA colleagues may want them to be working on redundant attacks
because many of the existing attacks are described as "fragile" -- so
they want to have parallel ways to achieve some of the same stuff.)

Most of us don't work in highly compartmentalized organizations or
organizations that try to practice a very strict need-to-know rule.
So we might think that if someone in an organization says at some time
that something is easy, or difficult, or cheap, or expensive, that that
reflects the general attitude of all the parts of that organization.
(Like if somebody working at Intel said it was hard to fabricate
semiconductor devices in a particular way, or somebody working at Boeing
said it was hard to take advantage of a particular aerodynamic effect,
or somebody working at EFF said it was hard to sue the government under
a particular legal theory, you might tend to think these things were
basically true, as far as those people's colleagues knew.)

I think that's only approximately or indirectly true of people working
in an organization like NSA or GCHQ.


* Possibly relevant reporting and discussion includes
  http://www.wired.com/2012/03/ff_nsadatacenter/all/
  http://www.wired.com/2013/09/black-budget-what-exactly-are-the-nsas-cryptanalytic-capabilities/
  http://blog.cryptographyengineering.com/2013/12/how-does-nsa-break-ssl.html
  http://www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html?_r=1&
  (including claims of widespread success at defeating cryptography,
  partly on the basis of sabotaging it but at least partly on the
  basis of "development of advanced mathematical techniques")

-- 
Seth Schoen  <schoen@eff.org>
Senior Staff Technologist                       https://www.eff.org/
Electronic Frontier Foundation                  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109       +1 415 436 9333 x107
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

