back to article Tor de farce: NSA fails to decrypt anonymised network

A new round of NSA documents snatched by master blabbermouth Edward Snowden appeared online late on Sunday, revealing spooks' internet security pet hates. The latest dump of PDFs published by Der Spiegel appeared to show what the Five Eyes surveillance buddies – the USA, the UK, Australia, Canada and New Zealand – see as …


  1. Destroy All Monsters Silver badge

    If you've transferred your private keys to a server via SSH or VPN, they've possibly been compromised. Time to revoke everydamnthing.

    100% of non-sneakernet-connected nodes (pretty much the whole cloud for starters) fucked??


    WTF does STRAPONE mean?

    1. Anonymous Coward

      WTF does STRAPONE mean?

      It means that they have no dick...

      1. BillG

        Re: WTF does STRAPONE mean?

        It means that they have no dick...

        Well that's what I heard.

        (anyone get the movie reference?)

        1. Anonymous Coward

          Re: WTF does STRAPONE mean?

's true... this man has no dick...

          1. Anonymous Coward
            Anonymous Coward

            Re: WTF does STRAPONE mean?

            Bill Murray, Ghostbusters, recently re-released as SPOOK Busters. Download it now.

    2. DavCrav

      "WTF does STRAPONE mean?"

      Let me Google that for you: "STRAP classification" gives you this.

    3. MustyMusgrave


      It means Level Top Secret.. Like MJ-IC-1-2...

      Although yeah, it does sound like STRAP-ON!

      They've even got Stickers.. Green is below Top Secret.. yellow is Secret for some and Red is super secret, you can read about it by doing a search for Top Level Telecommunications.. They break down all the code words, like Marina... Which is just another name for the TITAN super-computer with pretty pictures of Marine animals on the side, it's the dwelling place of O - the Octopus!

      It's really not quite as good as all the photo's that circulate the web of the huge rack of servers from all the engineers that have worked so hard at putting it all together! I've got PICS!

      See =

  2. e^iπ+1=0

    SSL private keys

    'SSL privates (sic) can easily be swiped by asking the CA root to hand it over.'

    What if the bad guys create their own CA? Even I've created my own CA for test purposes.

    If the bad guys use their own CA then the feds need to find them before asking for the private keys.

    1. Anonymous Coward
      Anonymous Coward

      Re: SSL private keys

      Also asking the ca will not result in them getting your private key, the ca never had your private key, you generate your public private keys and the have your public key signed by the ca. They never see the private key.

      They can give them a new signed public key for your address to do a man in the middle attack.

    2. streaky

      Re: SSL private keys

      Yeah that's probably most egregious of the nonsense points in the article. CA attests your signing request, it never sees your private key. If it did then PKI would be even more fundamentally broken that it actually is and nobody would use it because it'd have been replaced by a system that works more like PKI actually does decades ago. Yes PKI is broken, no, not that way.

      Just no.

      Even the CA handing over their [root/intermediate] keys would only allow them to create new certs pretending to be you but the thumbprints wouldn't match and that CA would go out of business 3 days later because their root certs would be revoked left, right, center and on mars so no court (secret or otherwise) would ever do it because it'd be the end of a significant number of large US tech companies which the NSA, CIA and other alphabets would full well know.

  3. resudaed

    SSL not compromised if you use your own key?

    If you generated your own private key (which you should have done to consider your certificate secure) then the SSL private cert provided by the CA is useless without the key that you never gave them.

    1. Anonymous Coward
      Anonymous Coward

      Re: SSL not compromised if you use your own key?

      Commercially signed SSL certs have traditionally been heavily promoted as a way to verify the identity of the site you're connecting to, when in fact their role in encrypting the data going over that connection is at least as important. In situations where the identity of the service isn't in doubt, self-signed certs work just fine. So maybe what we really need is a good way of identifying the provenance of services (more secure DNS?) so we can all start using certs signed by our own private keys.

  4. Gordon 10

    Seems to me

    That if Microsoft really wanted to stick 2 fingers up to the feds over the attempted Dublin data slurp they should deploy a compromise free version of Skype

    1. Anonymous Coward
      Anonymous Coward

      Re: Seems to me: how to get free unrestricted comms in 'autocratic' regimes

      I haven't talked to my friends at Microsoft recently but the entire history of Skype, (written in Eesti by Kazaa P2P programmers who actually remembered life under the Soviet Union), meant that it was originally the "compromise free" version!

      The 'attack' against Skype mostly was a paper exercise: First someone printed billions of dollars for eBay to buy Skype, then when there still wasn't a large enough attack surface, someone printed another wodge of billions more for MS, result = computer network exploitation success.

      If MS had any free-will, which they don't as they have to abide by U.S. laws, then they'd come out with SnowdenSkype based on an obfuscated SSH start-up, using similar technologies to SAIC NetEraser.

      Instead, my team has been quietly asked to look at free/open ITU-R unlicensed-band industrial/medical/scientific radio-frequency based mesh networks, no, not at Wi-Fi, but at 13.56MHz , using NVIS antenna loops (near vertical incident skywave technology, also known as cloud-warmers!)

      At least my colleagues at GCHQ can do some nice traditional radio-spookery tracking the ISM rf packets, amongst the background noise, or read the academic papers?

      1. John Gamble

        Re: Seems to me: how to get free unrestricted comms in 'autocratic' regimes

        I haven't talked to my friends at Microsoft recently but the entire history of Skype, (written in Eesti by Kazaa P2P programmers who actually remembered life under the Soviet Union), meant that it was originally the "compromise free" version!

        Except the original version had a self-rolled crypto system, which was about as secure as one would expect. If Skype's crypto has been unchanged since it first appeared, it has been insecure from day one. And if its crypto has been changed as it changed hands... well, it is almost certainly even less secure now.

    2. Kanhef

      Re: Seems to me

      The only way security-minded people would accept a version of Skype as 'compromise-free' is if it's completely open-source, and can be reliably compiled to be byte-for-byte identical to any distributed binaries. If we can't inspect the code and prove that there are no backdoors or weak, home-rolled crypto systems, it will still be considered compromised, no matter what anyone at Microsoft says.

    3. amanfromMars 1 Silver badge

      Re: Seems to me

      It has long been known that Skype has been thoroughly owned by the NSA and it clearly should never be used by anyone with sensitive sources.

      Seems to me that one has to also conclude and be aware that the NSA thoroughly owns Microsoft and their products and programs and applications clearly should never be used by anyone with sensitive sources if one wishes to retain and maintain leadership, command and control over and with novel sources/irregular and unconventional event planners/Creative CyberSpace Players and Ab Fab Fabless Non-State Actors/virtual reality expert teasers/SMARTR IntelAIgent Beings in the Live Operational Virtual Environment with HyperRadioProActive IT Systems of Secure Secret Administrative and FailSafe Executive Communication.

      Are you providing Uncle Sam/NSA your future plans and current running secrets free of charge and also paying them whilst using their systems with Windows Internet Exploring and Deep and Dark Semantic Webs, J Edgar Hoovering up in Mega Beta MetaDataBase Stations.

      1. This post has been deleted by its author

      2. Anonymous Coward
        Anonymous Coward

        Re: Seems to me

        NSA is ?

        Must be a meeting station at some place :-) .

      3. Tail Up

        Re: Seems to me

        There is a sufficient gap between Microsoft and Communications. MS and Apple's environments share the chart of consumption of browser-interface media. But - contents, dear boy, contents. Wings need air, without which they are nothing but a useless tool and a fcuk up to all efforts of the whole natural evolution (-: we're all doomed to be sectors in this pie. Until we go back to first principles.

  5. Anonymous Coward
    Anonymous Coward

    so apart from the Cisco etc router VPN pre-shared key secrets which aren't

    The NSA doc at talks about retaining cloud metadata for a year and the gchq doc at mentions the pleasant paragraph "vast amounts of encrypted Internet data which have up till now been discarded are now exploitable" the techniques are so sensitive that they aren't shareable with the partners (the 9 SSeur 'France, Germany, Spain, Italy, Belgium, the Netherlands, Denmark, Norway and Sweden') but is my raw vpn data shipped across the EU by one of the 14-partners, where it is then peeled apart?

  6. Anonymous Coward
    Anonymous Coward


    "Very naughty people use Tor"

    Is this the level of 'evidence' needed against Tor? MPs doing their expenses, that kind of very naughty?

    1. LaeMing

      Re: ffs

      Clearly Tor users didn't get a visit from Santa this year.

    2. Adam 1

      really is a good meme candidate

      > Very naughty people use ...

      Very naughty people use cars

      1. Anonymous Coward
        Anonymous Coward

        Re: really is a good meme candidate

        Very naughty people use the bus to GCHQ/NSA HQ to get to work each morning.

        1. John Hughes

          Re: really is a good meme candidate

          Have you never seen their buildings -- in both cases the notable feature is the huge parking lots.

          Not many bus riders there I guess.

    3. Any mouse Cow turd

      Re: ffs

      Very naughty people developed TOR in the first place.

  7. This post has been deleted by its author

  8. WalterAlter

    I'm feeling a bit ambivalent this morning...

    So, we're referring to the man who kept the free world free and legitimized an army of conspiracy nuts and whistleblowers by verifying their worst scenarios, a "BLABBERMOUTH" now?! This is the Reg's take on the bold unswerving savant benefactors of all humanity??!! This is your idea of a rational perspective on the now realized undead fascist zombie overlord hell in waiting???!!! Has the Reg become a cold, congealed pudding of satanic SWERVERS????!!!!

    1. perlcat

      Re: I'm feeling a bit ambivalent this morning...

      Better calm down, Walter. You're lathering again.

      1. WalterAlter

        Re: I'm feeling a bit ambivalent this morning...

        Jeez guys, hop over to the 7-11 and pick up a six pack of Satire Lite on me. Lather!?...I'll tell you about my lather...! (kablooie)

        "There goes Bill..."

        (spot the cryptic film and literary references for a free week at Mel's Futon Corral)

        Sorry, It's my chronic case of internal monolog. Doctors scratch their heads, philosophers want me dead. Ugly, tragic and marginally illuminating...what ya gonna do. Thanks for being my only social contact all month. I think I'll go watch some YouTube Vine compilations now.

    2. Greg J Preece

      Re: I'm feeling a bit ambivalent this morning...

      Getting this week's FOTW out of the way early, aren't we?

      1. Mark 85

        Re: I'm feeling a bit ambivalent this morning...

        Needs some work.. a few expletives and maybe a bit more name-calling. For a Monday, let's rate that rant at a 5. If it were Friday, it would probably be a 2. Practice, Walter, practice. You'll get FOTW eventually.

  9. ZSn


    PGP (still secure), AES (under attack but no definitive proof that it was compromised by spooks) and OTR (secure, but the software implementing it was found to be buggy and exploitable).

    You're mixing apples and oranges, PGP can use AES, so if AES is insecure so is PGP. Don't mix cryptographic primatives and protocols.

    AES is no more compromised or attacked than any other primitive. What else do you propose to use?

    Incidentally - what happened to the edit your own post button. Am I being blind in not seeing it - or has it gone away in the latest site re-org?

    1. John Brown (no body) Silver badge

      Re: Secure?

      "Incidentally - what happened to the edit your own post button. Am I being blind in not seeing it - or has it gone away in the latest site re-org?"

      No, it's not gone away. Problem at your end.

      1. ratfox

        Re: Secure?

        That I know, the edit your own post button is mostly only available to people with a shiny silver or gold badge.

        EDIT: like mine.

    2. 142

      Re: Secure?

      There's a time limit for edits, 10 minutes I believe. Perhaps you exceeded it?

  10. Anonymous Coward
    Anonymous Coward


    It seems that the obvious thing to do is for TOR internal nodes to introduce random delays before forwarding to the next node.

    While it would significantly slow the network, it would make provable timing analysis impossible.

    Heck, maybe it has already been done?

    1. Anonymous Coward

      Re: Timing...

      But with extra delays just think how long it will take to torrent a BlueRay box set!

      (I'm abusing a system provided by volunteers to defend free speech around the world??? au contraire! I'm helping defeat traffic analysis by contributing noise. Yes indeedy, and if I eat your entire lunch and nick your wallet it's purely to give you a headstart on that New Year's resolution to lose weight...)

    2. Kanhef

      Re: Timing...

      If every node delays every packet by a random amount in the same range, all this will do is slow down the network. With enough packets to analyze, the randomness averages out and isn't a significant obstacle. A better approach might be to add delays depending on the speed of the individual connections between nodes; the idea is that all traffic takes the same amount of time to transit through a node, no matter where it came from or where it's going.

      1. Frumious Bandersnatch

        Re: Timing...

        all this will do is slow down the network

        Yes and no. If you delay packets by a random amount, then yes, the network slows down. If, on the other hand, you replace a FIFO scheduler with one that merely randomises the queue order, then throughput is maintained*. Slowing down the end-to-end routing of packets through the network like this will impact the users, though the network throughput is unaffected.

        * a simple example scheme which has a 1/2 chance of delaying the head packet in the queue if it's the first time it's been seen, and a decreasing sequence of probabilities 1/4, 1/8, 1/16, etc. each subsequent time it's due to be sent will mean packets may wait in the queue indefinitely (with infinitesimal probability), but on average will take 2x as long to get through it (sum of infinite series 1 + 1/2 + 1/4 + ...), not taking the probability of the replacement packet being sent into account...

        1. Anonymous Coward
          Anonymous Coward

          Re: Timing...

          If, on the other hand, you replace a FIFO scheduler with one that merely randomises the queue order, then throughput is maintained*.

          Eve could presumably still simply count the number of packets seen at each end though. And are all tor packets the same size?

  11. Lars Silver badge

    Please, naughty people

    "Very naughty people use Tor". Please tell us you never fly, fart, use public transportation, the postal service, roads, dentists, hot dogs, chics. Please tell us what we can safely use that you naughty have left for us to use.

    Time, perhaps, to use Tor so that "less" naughty people use it.

  12. Anonymous Coward
    Anonymous Coward

    Meanwhile, back at the ranch...

    The US military (which includes the NSA) can't defend their own department headquarters from "cyber" attack, let alone any of the taxpaying commercial businesses and private individuals located in the US. From my perspective that means they've completely and utterly failed to do their job. Instead of begging, borrowing or stealing their way into all of our back closets, they should have been concentrating their billions in funding on the really hard work of building and deploying the systems, architectures and processes required to keep the bad guys out. It's really astounding how anyone over there kept their jobs given that level of non-performance. I guess their overseers in Congress were too distracted by all the shiny objects (financial intel on potential investments?) dangled in front of them during top secret briefings.

    1. Sureo

      Re: Meanwhile, back at the ranch...

      If they deploy anything that keeps the bad guys out, anyone can use it to keep them out. Not in their interest I'm afraid.

  13. unso

    Eh? The CA does not necessarily have the private key. Mine signs a CSR generated by yours truly.

    1. Destroy All Monsters Silver badge

      I sure hope the CA does NOT HAVE the private key, otherwise there is a bad case of PEBKAC at the end of the CA's customer.

  14. keithpeter Silver badge

    Making the artificial fingerprint.

    Very near the back entrance to New Street Station should you happen to be passing. Video shows some detail on the way the artifical fingerprint can be made. I think it is still on, the CCC flag is still flying!

    1. Anonymous Coward
      Anonymous Coward

      Re: Making the artificial fingerprint.

      BOM is closed for Crimbo

      Re-opens Friday 2nd Jan


  15. Anonymous Coward
    Anonymous Coward

    Clarification needed

    "while SSL private keys can easily be swiped by asking the CA root to hand it over."

    How? My understanding is that root CA's never see the private keys - they just sign the public key. This should mean that whilst they can issue fake certificates enabling MITM attacks they can't actually provide the private key to enable decryption of existing traffic.

    So either the above understanding is incorrect. Or They have some secret methodology to obtain private keys from something the CA's have. Or They are doing MITM on a huge amount of traffic which seems unlikely as these should be easy(er) to spot...


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like