> ill really try not to go conspiracy crazy... but that is always a risk ... > there is also a video on youtube from a recent con about the feasibility of > factoring them, <"fast hacks" or something like that>
There are always rational analyses that can be made. Many analysts think of the available storage and compute power in a facility such as that (100ksqft 65MW public initial) in terms of the common commercial datacenter filled with commodity compute gear... dell servers, seagate drives, ati gpus, cisco net, etc. 'Google big/smart corp style' if you will. That's certainly a lot of it. But what few seem to consider is custom hardware and the big budget picture which you can search for pretty pictures of. And black secrets. So perhaps some higher storage density tech... gates as disk, optical, etc. And definitely mountains of custom ASICs. People know about deepcrack and bitcoin asics and Intel's smallest fabs... well how much of that can you tape out and power on that kind of budget... ? Lots. Now factor in 10-25-?? percent ahead via black tech. It seems safe to assume some properly implemented yet smaller keylength algos may be at risk. And essentially certain that all manner of network and data analysis is possible limited only by the programming brains and scale to do it. As for Tor, 1024bit equivalence may be a bit low. Most of the cost is in key exchange/setup, not the stream itself. Run 'openssl speed' to see that. End user machines could handle 4096, but the relays and HS are a question. It's not crunchtime yet but maybe getting closer. See also keylength.org, and the various crypto and risks lists. Maybe Tor's TCP streams are a weak point in timing and network analysis. There's probably some anonbib about splitting up the traffic across UDP paths for reassembly on the far side. And even that's still subject to analysis. > if they intercepted everything, there wont be much of a need to decrypt it. What real limits are there to their 'partnership' with telecoms? A telecom may want legal ability to feed them everything. But what is the penalty for not? The courts will not liquidate a telecom no matter how gross their constitutional infraction under the cover and 'authorization' of the executive and even legislative. Worst case for them is a senate show hearing, they get censured, a token fine, some heads roll and life goes on. Same for unauthorized taps... you know about Glomar and other deep sea fun right. Lots of vacuuming going on out there. No real penalties apply other than the oopsies of political embarrasment and a turn through the revolving door. What about US torture going to the Hague, any number of things around the world lately, not much penalty there, so none here either. > its not easy, and i cant claim they can actually do that, but thats the > risk, and its out of the scope of the Tor threat model. > there is a video somewhere of bill binney talking about this approach... It's reasonable that determining who is talking to who, given those endpoints (the who's) that fall entirely within the network one can see and process at this scale, is relatively easy. Especially for anything regular, outstanding, or that can be pumped. Hidden services definitely fall under the latter. They either don't have them within network yet, or they're on about bigger/secret fish and don't care to shut them down. Drugs, murder, crime and cp... all traditional LEA areas, will nearly always take a back seat to [inter]national intrigue. They're also not 1980's CIA narco scale, so there they may remain. > exciting times :) > if you think im wrong Indeed. And no. If Tor and similar systems, Bitcoin, and whatever else are still around and canary free by 2020, they're either incredibly strong, up against clueless adversaries, or just riding unawares and high in the back seat while the driver in a black suit grins doing 88mph :) Take your pick and calibrate accordingly. _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
