Majority of Tor crypto keys could be broken by NSA, researcher says

Discussion in 'privacy technology' started by lotuseclat79, Sep 7, 2013.

Thread Status:
Not open for further replies.
  1. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Wild speculation from the article aside, 1024 bit RSA keys for have been viewed as bare minimum/bad practice since 2010. Most services concerned with security which still use RSA have gone up to at least 2048.

    RSA in general is going old hat, as soon as more and more programs and services support TLS 1.2 you will see elliptical curves (ECC) becoming the norm as the new asymmetrical standard. Even my wireless network is using ECC.
     
  2. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    I still don't understand what the obsession with age is. We're talking about 20 years and potentially wider usage vs. 15 years and potentially wider, more extensive scrutiny. I'd feel safe calling that a wash.

    So the next major thing to go on is the design itself and the theoretical/academic strength...

    And in that realm, the designer of both algorithms (who happens to be one of the world's foremost authorities on security and cryptography) is "amazed [Blowfish] is still being used" and if asked, "recommend Twofish instead."

    *shrug*
     
  3. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439


    If your a car dealer, you recommend the latest model. Not because its better, but because it has TV's built into the seats and other stuff that costs more for no reason. He is recommending his latest work, because its his latest. Nothing wrong with blowfish at all.
     
  4. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    You've got to be kidding. You're seriously comparing a cryptography expert recommending one cipher over another — both of which he personally designed, by the way — for security purposes, to a car salesman recommending one car over the other because it's more expensive? Let's just begin to list the problems with this analogy.

    1) The car salesman stands to make more money by you buying a more expensive car. Schneier makes the same amount of money regardless of which cipher you use: $0.

    1a) Schneier designed both ciphers. Not only would he be in the position to compare the two (more so than anyone else, actually), but he gains no more notoriety/praise/credit regardless of which you use.

    2) A cipher is not a car. You are essentially saying Blowfish and Twofish are exactly the same, except Twofish has some extra entertainment/vanity features (that make it cost more for no reason...despite the fact that both ciphers are completely free).

    2a) (Last time I checked, TVs (particularly ones installed into seats) cost real money. I'm not sure where you got the idea that a car with extra features like that would "cost more for no reason." You named the reason.)

    3) You are presuming to know that Bruce Schneier has basically been lying...that he recommends the later cipher not because it is better designed, more thoroughly vetted, and therefore considered more secure...but rather that it's basically the same (except for dumb new features that make it cost more for no reason) and he's just recommending it because it's his latest.

    4) You are basically alleging that Schneier and the whole Twofish team basically (and knowingly) wasted countless hours of their lives developing the cipher (specifically by building on Blowfish and aiming to make a better cipher), scrutinizing it, analyzing it, testing it, attacking it, and then putting it (and themselves) through the three year AES process, and came out with something that is no better than what Bruce originally wrote...Just so that they could have something to recommend that "costs more for no reason"?


    I honestly don't understand why you're so hellbent on pushing it, nor who you're trying to convince. You sound like the fanboys who defend their chosen piece of software to the death (be it their own death, or the total death of the software, whichever comes first)...because they're so invested not only in using it (it's what they're used to and comfortable with), but also so invested in vehemently defending it.

    You honestly want to argue that the experts who would be in the best position to know do not actually believe Twofish is a more secure/better cipher...but rather just went through all the trouble of not only designing and vetting it, but migrating their own projects to it because "it's their latest work"?

    As in, developers of free software don't go through all the trouble of designing and testing new projects because they are working to improve upon old ones...but rather just so that they might have a new "latest work" to recommend over their last one?
     
  5. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    JackmanG, tell me. How does Bruce Schneier make his money. Maybe it has something to do with research and development into cryptography, maybe its to do with book or articles he writes. 20 years later, nobody wants to hear about blowfish so it makes no money. If he released a copy of TwoFish called MechaGodzillaTwoFish he would make money from republishing even if there is almost no difference in the two. Its like an archaeologist, your more likely to get funding if you say you have historical proof of the lost city of gold in one location over saying you have found a T-Rex skeleton you wanna dig up. I am not going to argue the point with you, a sword will outwit a gun with no bullets.
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Who here has a background or education in cryptography? Seems like a lot of baseless conjecture that's really not focusing on the crypto at all
     
  7. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Not by selling Twofish, that's for sure.

    Probably. But I fail to see what this has to do with one completely free cipher versus another.

    ...but 15 years (and an AES competition) later, people do want to hear about Twofish...so it does make money? :rolleyes:


    He'd lose more money than he would make...it would be reviewed, the entire community would wonder what is the difference, and ultimately expose that there was none, and he would lose credibility...meaning people would be less interested in his work, his writings would hold less authority, and actual paying gigs (such as consulting...which likely makes up a decent amount of his income) would shrink.

    Honestly if an open source developer could simply slap a new name on the exact same code, and release it as a brand new product, and make money off of it...why isn't this standard practice??

    So before the open source developer was a car salesman, peddling a newer model that "costs more for no reason"...and now he's an archeologist gunning for funding. I think it's safe to say it would be wise for you to lay off the analogies.
     
  8. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Baseless conjecture? Which part? Certainly not the part where world-renowned cryptographer and security expert Bruce Schneier recommended one of the ciphers he designed over another...
     
  9. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If you're going to call out Schneier you should be calling out the crypto, not his motivations.
     
  10. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Who is "calling out" Schneier? What are you talking about?
     
  11. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    I am officially out, I am getting insulted without the people doing the insulting being objective or thinking without bias, new is not always better. Just wait and see. I make analogies because its supposed to make it easy for confused people to understand my point, but you attack the analogies so... some people can't be helped. :thumb:
     
  12. JackmanG

    JackmanG Former Poster

    Joined:
    May 21, 2013
    Posts:
    284
    Something you might want to try :thumb:

    No one said it was. Again, you just keep resorting to that straw man because logical fallacies are all you have to stand on.

    I'll just offer a quick recap:

    Bruce Schneier, world renowned cryptographer and security expert designed both Blowfish and Twofish. He and the Twofish team designed the cipher specifically to be better than its predecessor. It was the cipher they entered into the 3-year AES competition, and it was a top 3 finalist. It is the cipher BT and other original Blowfish users migrated to.

    Both ciphers are completely free, free of charge, and free from any licensing restrictions. Bruce Schneier makes the exact same amount on money regardless of which you use: $0. He gets no more praise or recognition, regardless of which you use (again, he designed both of them).

    Therefore, he has no financial or ego-driven motive to suggest one over the other.

    As a security and cryptography expert, Schneier is asked all the time for his recommendations on various security technologies. (e.g. "Which cipher is more secure?") He offers such opinions quite readily. In 2007, Schneier said he was "amazed" that people still used Blowfish, and that "If people ask, I recommend Twofish instead."

    User Taliscicero insists that:

    1) Twofish is like a newer model car...but not just any newer car...a newer model for which there is nothing about it that makes it better than its predecessor in any significant sense...no better engineering, no better safety features, nothing that makes it more secure and better for the user...it just has extra vanity features like TVs in headrests and other stuff that "costs more for no reason" (despite the fact that TVs cost money, ciphers don't have vanity features, and this cipher is available completely free to anyone.)

    2) The latter cipher (which has been around for 15 years, versus the former's 20 years) is not any better than the other, because "new isn't always better" (despite the fact that no one argued Twofish was better simply because it was newer.)

    3) Schneier is recommending Twofish over Blowfish not because the cryptographer believes the former to be more secure and overall a better cipher...but rather just because "it's his latest work."

    4) The open source developer is like an archaeologist trying to get funding, and with Twofish it's like he's saying he has historical proof of the lost city of gold in one location...but with Blowfish he's saying he found a T-Rex skeleton he wants to dig up. Therefore, he recommends Twofish because he wants more funding.​


    You said it!
     
  13. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    Y'all are missing the boat - I'm using SkipJack :D

    PD
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,312
    Location:
    Here, There and Everywhere
    Yeah, well, it's just another thread disrupted. It's sad we've got another username (probably the same person) that uses Usenet-like tactics to attempt to ruin and foster discontent at this reputable and well-run forum. Sad.
     
  15. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    Yep,
    Definitely got a troll at the minimum, or a sock puppet who disrupts every conversation on these subjects. What this forum needs is an ignore option for specific users.
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    @noone_particular,

    You realize that the forum has that function, right?

    To the earlier comments I made, I got this topic confused with another so they appear completely nonsensical lol I somehow bridged the two topics in my mind.
     
  17. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    39,970
    Location:
    U.S.A.
  18. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    All these years and never saw it. Thanks.

    HM,
    Wasn't referring to you regarding the ignore option. We've agreed to disagree more than once and have never resorted to some of what's happening here lately.
     
  19. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    39,970
    Location:
    U.S.A.
    noone_particular, you're welcome! Take care.
     
  20. emmjay

    emmjay Registered Member

    Joined:
    Jan 26, 2010
    Posts:
    1,385
    Location:
    Triassic
    RIM/Blackberry is currently looking for a buyer. Their share price has dropped below sustainability, primarily due to the failure of their newest smartphones to impress. The word on the street is that the company may be broken up into 3 parts. BBM and its patents will more than likely attract some buyers from outside Canada, but it will require government approval. Wonder if the NSA will have any influence over the Canadian government's decision. A shell company purchase would be very suspicious.
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    4,387
    Location:
    DC Metro Area
  22. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    Surely you jest? Every Internet user uses cryptography every day whether they realize it or not. Ever do online banking? It's encrypted. Ever buy anything from Amazon? Encrypted. Use Bitcoin? Its nothing but one large crypto system. Use Gmail? It's encrypted end-to-end (as long as the mail is sent to another Gmail user). I could go on and on.

    The average user doesn't have to be targeted, and that's the entire point. NSA is scooping up EVERYTHING on the Internet. If it's encrypted, they break it (they have broken SSL, which means no one's secure banking or credit card transactions are secure anymore). This is a big problem.

    NSA has licensed all of the Certicom ECC patents. The patent issue is a minor concern as there are many ways to implement ECC without infringing on them. The curves themselves are not patented, just certain methods of implementing them.

    Lot's of stuff uses ECC and it is growing all the time. TOR just recently ditched RSA in favor of ECC. Playstation 3 uses ECC (a very weak implementation). Blu-Ray uses ECC. OpenPGP is migrating to ECC. ECC can even be used in SSL.

    There is nothing wrong with ECC on a theoretical basis. All of the problems are from poor implementations (like Playstation 3). The concern with ECC (just like with any crypto system) is if a malicious actor (like NSA) is able to rig the system via backdoors, then all bets are off. The NIST elliptic-curves outlined in their standards documents are suspect because no one really understands *how* the curves were selected (and they were selected by NSA, this is a known fact and not really disputed). As long as the curves are selected carefully, by committee, and can be shown to have no weird unverifiable properties, ECC is very secure. The problem is selecting the right curves and then implementing it all properly.

    So, I agree with Schneier in that we shouldn't trust NIST elliptic-curves, but I disagree with him that ECC in itself is somehow flawed or "broken." ECC is recommended by NSA to secure DoD TOP-SECRET data. NSA has a lot of trust in ECC to secure its own systems (and have said as much in declassified documents).

    The problem is we cannot allow them to rig the game by selecting weak curves for public consumption with properties only they understand. What I suspect is they select strong curves for their internal use and give the world weak ones. One proof-positive example of this is the Dual_EC_DRBG random number generator they shoved down NIST's throat back in 2006. This PRNG is actually based on elliptic-curves and two crypto researchers proved that the curves used are very likely rigged by NSA (they proved this before the Snowden leaks, and the Snowden leaks actually confirm this whole incident). The documents say the NSA was bragging amongst themselves how they had pulled this whole thing off. They called it an "exercise in finesse."

    So, yeah, we are going to have to ditch NIST completely and start over. I hope academic researchers put their foot down on this and start their own working groups aimed at "non-NSA influenced" standards.
     
  23. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    I've been here a while...just trying to lighten things up a bit...relax peeps.

    PD
     
  24. DesuMaiden

    DesuMaiden Registered Member

    Joined:
    Jan 25, 2013
    Posts:
    599
    So does this affect an average Tor user like me? I don't see this personally affects me, unless someone can say otherwise.
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.