Is Tor's Anonymous Internet Still Secure?

Browsing the Web with The Onion Router, or Tor, is supposed to make you anonymous. Many of the encryption algorithms used by this popular Internet anonymizing protocol have likely been cracked by the NSA, says one security expert – and upgrading to the newest versions of Tor software won’t be enough to protect your privacy.

There's still much we don't know about the NSA's reported ability to circumvent online encryption. The Sept. 5 articles by The New York Times and The Guardian are light on details, but they suggest that the NSA has cracked a significant portion of the Secure Sockets Layer (SSL), the encrypted protocol that oversees the connection between your browser and the websites it displays.

That means 76 percent of Tor's supposedly anonymous network traffic might be crackable by the NSA, according to the findings of security expert Robert Graham, the CEO of Errata Security.


However, Roger Dingledine of the Tor Project told Tom's Guide that Graham's findings may be due to the sudden spread of a Tor-based botnet, or hidden network of malware-infected computers.

Tor is a networking protocol originally sponsored by the U.S. Naval Research Laboratory. Now an open-source project, the protocol is used in various pieces of software, including the Tor Project's free-to-download browser bundle, which anonymizes your data by sending it through a random selection of more than 3,000 servers, called relays.

These relays are run by volunteers around the globe. Each relay decrypts only enough of the data to send it on to the next server, a process comparable to peeling back the layers of an onion (hence the name).

This process masks the origin of Web traffic, forum posts and other data sent over the Internet. It also makes it difficult to read the data while it's in transit.

Many people depend on Tor to provide an extra layer of security and privacy to their online activities. But online security expert Robert Graham suspects — and the recent NSA revelations seem to confirm — that the NSA is capable of cracking Tor wide open.

If the NSA is devoting significant resources to cracking SSL, it's probably already cracked a type of SSL that encrypts connections using what are called 1024-bit RSA or DH keys. These are randomized strings of 1,024 ones and zeroes that unlock the encryption of the RSA (Rivest-Shamir-Adleman) and DH (Diffie-Hellman) algorithms.

Security experts have long known that 1024-bit keys were becoming out of date. However, many websites still haven't upgraded to 2048-bit RSA keys, which are longer and therefore more secure.

Until recently, Tor used 1024-bit DH keys. The newest update, version 2.4, incorporates a different kind of DH encryption that uses a powerful next-generation encryption technique called elliptic-curve cryptography.

However, according to Graham's research, only 24 percent of Tor traffic uses the elliptic-curve cryptography in version 2.4. That means more than three-quarters of Tor traffic uses some form of 1024-bit DH key, which is likely crackable by the NSA, Graham said.

More significant, Graham's findings show that only 10 percent of Tor relays have upgraded to 2.4. So even if you upgraded to 2.4, your Tor traffic might still get bounced through one or more relays running 2.3, meaning your upgrade isn't really doing you any good.

Dingledine said, however, that by his count the number of relays running 2.4 is closer to 50 percent.

Dingledine pointed out that Tor traffic has spiked considerably since Aug. 20, apparently because a rogue bot has been installing Tor version 2.3 on millions of computers. The flood of new Tor clients running 2.3 probably accounts for the low percentage of elliptic-curve encrypted traffic.

In his analysis, Graham also said that elliptic-curve cryptography might not be as secure as thought.

"We think the NSA has made a breakthrough in mathematics," Graham told Tom's Guide.  "That breakthrough may be in the 1024 bit keys I refer. Conversely, it may be in the newer elliptical curves. We just don't know where."

Don't panic yet, though. Just because the NSA has (probably) cracked 1024-bit keys, or even (conceivably) elliptic-curve cryptography, doesn't mean that everyone has.

All we know for sure is what was reported in The New York Times and The Guardian on Sept. 5: that the NSA can "undermine the major tools protecting the privacy of everyday communications in the Internet age." The articles did not provide specifics about which tools were undermined and what methods were used.

"It's not at all clear that NSA can break 1024-bit keys easily, or even at all currently," Dingledine said. "The main risk is that there will come a time in the future when it is easy — and we don't know when that time will arrive — and if they've logged Tor traffic flows from today, they'll be able to break those flows at that future point."

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects. 

  • koga73
    What if all internet traffic went to your ISP, through NSA, then back out? Would TOR even be secure at this point? If the traffic is routed through the TOR network to other peers then it would most likely pass through the NSA's servers at some point. Looks like we need a whole new internet.
  • TheLoneWolf989
    TOR is so slow and was never secure anyway because for all you know it could end up going through a dodgy server provider, why can't people just get a VPN?
  • RealBeast
    Why doesn't the NSA just lose the middleman -- I mean why waste time with Google and Microsoft. If they just buy my cable provider and offer a good discount on gigabit Internet, I would use their service so they wouldn't have to even waste time with FISA warrants and all. /sarcasm
  • ddpruitt
    I don't see how people think the internet is a secure place. Always assume anything being transmitted can be read by anyone unless you take steps to secure on your end. And it's been known for a while that 1024 bit encryption is on shaky ground. Theoretically the NSA has broken it and commercial level hardware is pretty close to making this feasible.
  • a20052020
    Tor sucks for speed, security, usability. Not to mention because any machine can become an exit node all it takes is a lot of resources and manpower to own a large enough portion of the Tor network and you can figure out who and where the people are all without them knowing who you are. (It's like backwards privacy with a false sense of security and dial up like speeds).

    Want a private network, make a private network. (The World Wide Web isn't private and even if the NSA wasn't watching you can be sure your ISP, Google, Random Companies, Universities, China, Russia, Random People... are)
  • somebodyspecial
    "It's not at all clear that NSA can break 1024-bit keys easily, or even at all currently,"

    So quit printing this crap please (every day, 3-4 articles, repointing again and again to the same Guardian crap article that proves nothing also). The single line above kills the whole article. Among other statements showing the same. A 75% crack doesn't make a game work. It just crashes at some point. Just like 75% of the instructions from point A to B won't get you to point B. You be lost...LOL. Print this crap when they say 100% cracked and busted a guy on TOR etc. They had the starting point for the data, knew where it was going and busted John Q Public yesterday...When you have that, print it, until this quit this crap.

    The only thing for sure is you keep printing this crap without knowing ANYTHING for sure...LOL.

    Tor still works. You may get a piece of information (even if they had the time to do this repeatedly for everyone), but still wouldn't know where it came from or where it was going that's the point of multiple points in the chain with each knowing nothing about the rest. You may know what I said, but you won't know I SAID IT.
  • Doctor_X
    Just because the NSA can crack 1024 keys doesn't mean they can do it on a large scale and in real-time. They are either cracking the keys using large scale supercomputers which even for them can be slow when you look at the volume of data or they are using purpose built Quantum computers. The Quantum computers can crack most conventional code quickly, 1024 keys in a matter of minutes. The Quantum computer can use a modified Shor's algorithm to crack elliptic curve cryptography. It is of course unknown how many Quantum computers the NSA has, but outside of government only a few dozen exist.

    The only way to be secure is to develop encryption that cannot be broken by Quantum Computers.
  • wopr11
    N O P E
  • CyberPhoneix
    Quantum Computing is just a pipe dream right now. I highly doubt the NSA has a CERN like laboratory buried under NSA headquarters lol. A project of that massive size would have been detected long long ago. The NSA might have broken the SSL encryption but in reality they likely were involved in its development. So this isn't all that surprising really. What needs to happen now is the development of a new standard. One which is separate from the NSA prying eyes as they clearly don't have the American people's best interests at heart. Our founding fathers even knew better to make such claims.

    Benjamin Franklin famously wrote, “Any society that would give up a little liberty to gain a little security will deserve neither and lose both.” Meanwhile, our president claims that we cannot have 100% security and 100% privacy and that as a society we have to make some choices. To that I say, no Mr. President, we don’t. Let’s look, for example, at the recent attacks in Boston. Our government was violating our rights, trolling through millions of phone records, sifting through mountains of data and yet still didn't notice, or didn't notice enough, that one of the Boston Marathon bombing suspects was traveling to Chechnya. Perhaps instead of treating every American as a potential terror suspect, the government should concentrate on more targeted analysis and an analysis that doesn't violate the Bill of Rights.
  • Goku San
    Your article about Tor is really good, but as I have experienced, the Google bot can travel back and crack your IP status and it's really dangerous, your site can be banned by Google. For more information log on to