Is Tor's Anonymous Internet Still Secure?

Browsing the Web with The Onion Router, or Tor, is supposed to make you anonymous. Many of the encryption algorithms used by this popular Internet anonymizing protocol have likely been cracked by the NSA, says one security expert – and upgrading to the newest versions of Tor software won’t be enough to protect your privacy.

There's still much we don't know about the NSA's reported ability to circumvent online encryption. The Sept. 5 articles by The New York Times and The Guardian are light on details, but they suggest that the NSA has cracked a significant portion of the Secure Sockets Layer (SSL), the encrypted protocol that oversees the connection between your browser and the websites it displays.

That means 76 percent of Tor's supposedly anonymous network traffic might be crackable by the NSA, according to the findings of security expert Robert Graham, the CEO of Errata Security.

MORE: 13 Security and Privacy Tips for the Truly Paranoid

However, Roger Dingledine of the Tor Project told Tom's Guide that Graham's findings may be due to the sudden spread of a Tor-based botnet, or hidden network of malware-infected computers.

Tor is a networking protocol originally sponsored by the U.S. Naval Research Laboratory. Now an open-source project, the protocol is used in various pieces of software, including the Tor Project's free-to-download browser bundle, which anonymizes your data by sending it through a random selection of more than 3,000 servers, called relays.

These relays are run by volunteers around the globe.  Each relay decrypts only enough of the data to send it on to the next server, a process comparable to peeling back the layers of an onion (hence the name).

This process masks the origin of Web traffic, forum posts and other data sent over the Internet. It also makes it difficult to read the data while it's in transit.

Many people depend on Tor to provide an extra layer of security and privacy to their online activities. But online security expert Robert Graham suspects — and the recent NSA revelations seem to confirm — that the NSA is capable of cracking Tor wide open.

If the NSA is devoting significant resources to cracking SSL, it's probably already cracked a type of SSL that encrypts connections using what are called 1024-bit RSA or DH keys.  These are randomized strings of 1,024 ones and zeroes that unlock the encryption of the RSA (Rivest-Shamir-Adleman) and DH (Diffie-Hellman) algorithms.

Security experts have long known that 1024-bit keys were becoming out of date. However, many websites still haven't upgraded to 2048-bit RSA keys, which are longer and therefore more secure.

Until recently, Tor used 1024-bit DH keys.  The newest update, version 2.4, incorporates a different kind of DH encryption that uses a powerful next-generation encryption technique called elliptical curve cryptography.

However, according to Graham's research, only 24 percent of Tor traffic uses the elliptic-curve cryptography in version 2.4. That means more than three-quarters of Tor traffic uses some form of 1024-bit DH key, which is likely crackable by the NSA,  Graham said.

More significant, Graham's findings show that only 10 percent of Tor relays have upgraded to 2.4. So even if you upgraded to 2.4, your Tor traffic might still get bounced through one or more relays running 2.3, meaning your upgrade isn't really doing you any good.

Dingledine said, however, that by his count the number of relays running 2.4 is closer to 50 percent.

Dingledine pointed out that Tor traffic has spiked considerably since Aug. 20, apparently because a rogue bot has been installing Tor version 2.3 on millions of computers. The flood of new Tor clients running 2.3 probably accounts for the low percentage of elliptic-curve encrypted traffic.

In his analysis, Graham also said that elliptical curve cryptography might not be as secure as thought.

"We think the NSA has made a breakthrough in mathematics," Graham told Tom's Guide.  "That breakthrough may be in the 1024 bit keys I refer. Conversely, it may be in the newer elliptical curves. We just don't know where."

Don't panic yet, though.  Just because the NSA has (probably) cracked 1024-bit keys or even (conceivably) elliptic curve cryptography, doesn't mean that everyone has.  

All we know for sure is what was reported in The New York Times and The Guardian on Sept. 5: that the NSA can "undermine the major tools protecting the privacy of everyday communications in the Internet age." The articles did not provide specifics about which tools were undermined and what methods were used.

"It's not at all clear that NSA can break 1024-bit keys easily, or even at all currently," Dingledine said. "The main risk is that there will come a time in the future when it is easy — and we don't know when that time will arrive — and if they've logged Tor traffic flows from today, they'll be able to break those flows at that future point."

Email or follow her @JillScharr. Follow us @TomsGuide, on Facebook and on Google+.

·         How the NSA Gets Into Your Smartphones

·         Online Security Pioneer Predicts Grim Future

·         Privacy Software Review 2013

Jill Scharr is a creative writer and narrative designer in the videogame industry. She's currently Project Lead Writer at the games studio Harebrained Schemes, and has also worked at Bungie. Prior to that she worked as a Staff Writer for Tom's Guide, covering video games, online security, 3D printing and tech innovation among many subjects.