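Xinhuanet, September 10: According to the technology blog Gizmodo, Tor, the onion router that runs on Firefox, was supposed to be a good place to escape the US National Security Agency's monitoring of online information. A network security expert recently said, however, that because the vast majority of users have not upgraded their software, the NSA can in fact get into its encryption system with no effort at all.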
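The attack shenanigans recently launched against the Firefox Tor vulnerability have been traced to the US National Security Agency rather than the FBI. (Note by this site: Tor, The Onion Router, is a second-generation network router that can get past internet censorship; the Firefox browser is recommended.) To a large extent this shows that the NSA is looking for ways to crack and gain access to Tor's anonymous browsing. For Tor to try to evade the NSA's scrutiny is like a moth flying into a flame. Security expert Robert Graham believes the NSA does not need to go to any trouble to get into Tor, because it holds the "golden key" to the Tor kingdom, or can get in whenever it wants.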
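On the encryption side, Tor uses 1024-byte keys, and the NSA can decrypt encrypted files simply by using chips custom-made for Tor by IBM and other companies. If users are still on an old version of Tor, such as version 2.3, decryption is even easier. Version 2.4 is somewhat more secure by comparison, but only 10% of Tor users have upgraded.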
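Graham ran an "aggressive" exit code on 22,920 Tor nodes and examined the encryption computed by some of the nodes. Only 24% of Tor users were using the latest 2.4 version of the software, which means 76% were still on old versions that the NSA can easily decrypt. The NSA has gone to great lengths to break through the encryption defenses of major websites, and this newly discovered "intrusion" against Tor is worrying, because Tor was supposed to be an extremely private corner of the internet.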
Translator: Zhang Yi
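This article is published in cooperation between Baidu News and Xinhuanet's International Channel; please credit the source when reprinting.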
The NSA Can Probably Break Tor's Encryption Keys
When it turned out that the Firefox JavaScript Tor vulnerability shenanigans were originating from the NSA, not the FBI, it was pretty clear that the agency was looking to undermine and access Tor's anonymous internet. It's like a moth to a flame. But now security expert Robert Graham has outlined his reasons for believing that the NSA doesn't even need tricks and paltry exploits to access Tor, because they have the keys to the kingdom. Or can.
Tor uses 1024-bit keys for a lot of its encryption, and it's pretty much agreed that the NSA can crack these with custom chips that IBM and others manufacture for them. This is especially true for anyone using an old version of Tor like 2.3. The 2.4 version has better security, but only about 10 percent of Tor servers have upgraded.
Graham ran a "hostile" exit node on 22,920 Tor connections and looked at the encryption mediated by algorithms on incoming connections. Only about 24 percent were using the newer 2.4 software, meaning 76 percent were using the old, NSA-vulnerable keys. With everything that's coming out about the NSA working to undermine encryption across the board, it's another concerning example of NSA proliferation in what's supposed to be an especially anonymous corner of the internet.