On Fri, 2013-10-18 at 12:28 -0400, Tom Goldman wrote: > NOTE: Sorry about sending that duplicate. > > Best regards, > cl34r > > On Fri, Oct 18, 2013 at 10:13 AM, Tom Goldman <an0n102...@gmail.com> wrote: > > > Recently, I stumbled upon a very interesting article at > > http://spectrum.ieee.org/telecom/security/can-you-trust-nist > > Does this mean that Tor could technically be weakened by the NSA? > > > > Best regards, > > cl34r > >
Yes/No. Yes, the same thing that happened there could happen to Tor source code during it's development, that upgrades and new standards can contain bugs, even malicious ones. That's why public development is so crucial. We need random joe to be able of studying tech development in order to have any minimal assurance that those evil bugs are not intentionally left there by the bugger who sees those bugs as features. No, or rather I don't know, this specific compromise of SHA-3 is not meaningful to Tor. If tor were to use these algo to encrypt the traffic, it would be just a matter of changing the algo to safer one. But then we need to know the state of cryto algo's nowadays against math knowledge and computing processor power. I'm not knowledgeable enough to comment on this, but having to decide on the lack of this knowledge I guess we come to a need to rethink our "trustees" and support them somehow. The other path is to devel your own cripto system which does not rely on public available standards. That wouldn't mean it's unreversible, but would mean it's not reversed yet by the time you start using it. Security by obscurity they call it. BTW, is there any consensus on kryptos sculpture meanings? -- Do not forget that we are cattle on an animal farm which is managed and handled mostly by machines. Machines do what they are/were told to. What lies in between stdin and stdout and is not shown in stderr? GPG: 0x48BE63E6 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
