I understand, from a post to this list, that Tor is switching from RSA to elliptic curve key generation.
What would we expect from that update?

Thanks for everyone's effort

Lluís

karste...@mailbox.org:
> Hello,
>
> the paper "How is NSA breaking so much crypto?" got the Best Paper Award
> at ACM CCS in Oct. 2015.
>
> https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/
>
> Diffie-Hellman is a cornerstone of modern cryptography used for VPNs,
> HTTPS websites, email, and many other protocols. The paper shows that many
> real-world users of Diffie-Hellman are likely vulnerable to state-level
> attackers.
>
> A state-level attacker like NSA can pre-compute the most commonly used 1024
> bit DH parameter sets which are recommended in RFC 2409. If pre-computation
> was done for the two most commonly used DH parameter sets the NSA can break
> 2/3 of VPN connections, 1/4 of SSH connections and 1/5 of SSL/TLS
> connections on-the-fly.
>
> EFF.org recommends to disable DHE cipher in Firefox and Chrome:
> "How to Protect Yourself from NSA Attacks on 1024-bit DH"
> https://www.eff.org/deeplinks/2015/10/how-to-protect-yourself-from-nsa-attacks-1024-bit-DH
>
> Another more advanced solution for TorBrowser would be possible. You can
> increase the min. length for DH parameter to 2048 bit in NSS lib. Min.
> length for DH parameter was set to 1024 in NSS 3.19.1 to avoid Logjam
> attack. Maybe it is time to increase it to 20148 bit?
> https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.1_release_notes
>
> Karsten N.
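An added example, not part of either message and not Tor or NSS code: a Python check that reads a PEM "DH PARAMETERS" block and flags a prime that is the 1024-bit Second Oakley Group from RFC 2409 or is shorter than a 2048-bit minimum. The function names, the result labels and the sample PEM (built inline by `make_pem`) are assumptions made for illustration.

```python
import base64

# RFC 2409 section 6.2: prime of the Second Oakley Group (1024 bits).
OAKLEY_GROUP_2 = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_dh_params(pem):
    """Extract (p, g) from a PEM 'DH PARAMETERS' block (PKCS#3 DHParameter)."""
    b64 = "".join(l for l in pem.strip().splitlines() if not l.startswith("-----"))
    tag, seq, _ = _read_tlv(base64.b64decode(b64), 0)
    t1, p_raw, nxt = _read_tlv(seq, 0)
    t2, g_raw, _ = _read_tlv(seq, nxt)
    if (tag, t1, t2) != (0x30, 0x02, 0x02):
        raise ValueError("expected SEQUENCE { INTEGER p, INTEGER g }")
    return int.from_bytes(p_raw, "big"), int.from_bytes(g_raw, "big")

def classify(p, min_bits=2048):
    if p == OAKLEY_GROUP_2:  # the shared 1024-bit prime from RFC 2409
        return "shared-1024"
    return "ok" if p.bit_length() >= min_bits else "too-short"

def _der(tag, value):  # minimal DER encoder, used only to build the sample
    n, nb = len(value), (len(value).bit_length() + 7) // 8
    hdr = bytes([n]) if n < 0x80 else bytes([0x80 | nb]) + n.to_bytes(nb, "big")
    return bytes([tag]) + hdr + value

def make_pem(p, g):  # constructed sample input: PEM-wrapped DHParameter
    ints = b"".join(_der(2, x.to_bytes(x.bit_length() // 8 + 1, "big")) for x in (p, g))
    return ("-----BEGIN DH PARAMETERS-----\n"
            + base64.encodebytes(_der(0x30, ints)).decode()
            + "-----END DH PARAMETERS-----\n")

if __name__ == "__main__":
    print(classify(parse_dh_params(make_pem(OAKLEY_GROUP_2, 2))[0]))
```

`classify` only compares against the one prime embedded here and checks bit length; it does not test primality or recognise other widely shared groups.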