Compromised entry guards rejecting safe circuits (was Re: OSI 1-3 attack on Tor? in it.wikipedia)
Ben Wilhelm
zorba-tor at pavlovian.net
Sat Feb 16 20:38:24 UTC 2008
Anon Mus wrote:
> Ben,
>
> Yes you are right factorising this is hard, but that's not what I've been
> suggesting. What if every time you generated a pair of keys you stored
> the result somewhere!
>
> Say you owned a huge network of say mil/gov computers which communicate
> securely using self-generated rotating keys. As any client finishes with
> a key pair they send them off to a central storage location. If they
> are not there already they are added to the store.
>
> To find the private key(s) you only need to search through the list of
> public keys. If you only find 1% of the server community's private keys
> then you've got many extra nodes to add to your dummy network.
>
> Hopefully you understand this and I'll get some sleep tonight ( :D ).
>
> -K-

You're continuing to drastically underestimate the numbers involved.

Let's say that a computer is a cube, one half foot on each side. Now
let's take the Earth, and *cover the Earth with solid computers* to a
depth of one mile. This gives us approximately 232 billion billion
computers. If you assume that each computer can generate a thousand
private/public pairs per second (I believe this is an exaggeration for
commodity hardware, though you could likely build a custom system to do
so) then that means we get 2.32 * 10^23 keys every second.

I'm going to go handwavy here and assume that one key is approximately
equal to one prime. This isn't true, but we'll end up within an order of
magnitude of the right answer, and honestly more precision than that
isn't needed.

With 7.5127 * 10^74 primes, attempting to cover 1% of the keyspace at
2.32 * 10^23 keys per second would take approximately one million
million million million million million million *years*. Excuse me for
not being particularly worried about this. And remember, this assumes
the entire surface of the planet is covered, a mile thick, with
computers. Last I checked this was not the case.

(Again, this also ignores the issue of where you store all this data.)

Seriously, sit down and think about the numbers some. The numbers are
*gigantic* - so gigantic that "brute force" becomes implausible, even if
you assume the adversary owns all the government and corporations of our
world and has access to alien supercomputers.

-Ben
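
The estimate in the message above, carried through step by step as an added example (it is not part of the original post). The Earth radius, the length of a year, and the 10,000-key / 100-year scenario at the end are assumptions of this example; every other figure is quoted from the message.

```python
import math

# Figures quoted from the message above.
PRIMES_IN_KEYSPACE = 7.5127e74       # "7.5127 * 10^74 primes"
KEYS_PER_COMPUTER_PER_SEC = 1_000    # "a thousand private/public pairs per second"
CUBE_SIDE_FT = 0.5                   # "one half foot on each side"
DEPTH_FT = 5280                      # "a depth of one mile"

# Assumptions added for this example (not stated in the message).
EARTH_RADIUS_FT = 3959 * 5280        # mean radius of about 3959 miles
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def computers_covering_earth():
    """Half-foot cubes needed to fill a one-mile-deep layer over the Earth.

    Approximates the layer volume as surface area times depth.
    """
    surface_sq_ft = 4 * math.pi * EARTH_RADIUS_FT ** 2
    return surface_sq_ft * DEPTH_FT / CUBE_SIDE_FT ** 3


def years_to_cover(fraction, keys_per_sec):
    """Years to generate `fraction` of the keyspace, assuming no duplicates."""
    return fraction * PRIMES_IN_KEYSPACE / keys_per_sec / SECONDS_PER_YEAR


def expected_hits(target_keys, keys_per_sec, years):
    """Expected number of target public keys present in the stored table.

    Each target key is in the table with probability stored / keyspace.
    """
    stored = keys_per_sec * years * SECONDS_PER_YEAR
    return target_keys * min(1.0, stored / PRIMES_IN_KEYSPACE)


if __name__ == "__main__":
    n = computers_covering_earth()
    rate = n * KEYS_PER_COMPUTER_PER_SEC
    print(f"computers:          {n:.3g}")
    print(f"keys per second:    {rate:.3g}")
    print(f"years to cover 1%:  {years_to_cover(0.01, rate):.3g}")
    # Constructed scenario: 10,000 target keys, 100 years of generation.
    print(f"expected hits:      {expected_hits(10_000, rate, 100):.3g}")
```
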