Quote from: SelfSovereignty on August 07, 2013, 01:18 am

> Just in case you aren't uncomfortable enough yet after the past week -- http://www.technologyreview.com/news/517781/math-advances-raise-the-prospect-of-an-internet-security-crisis/
>
> From the article: "Our conclusion is there is a small but definite chance that RSA and classic Diffie-Hellman will not be usable for encryption purposes in four to five years..."
>
> Lovely. Juuuuust lovely. I don't know about anyone else, but I've always used RSA. I think I'll look into changing that...
>
> ... so, I looked into changing it, and to save everyone else the trouble: the main branch of gpg and gpg2 that everyone else uses doesn't support elliptic curve algorithms. There's gpg2ecc which does, and the development (beta) release of gpg does... but the problem is that nobody else is going to be using these things. So in other words, nobody except those who went out of their way to get these programs will be able to decrypt your messages, which makes sending them to begin with pretty pointless. I guess we're stuck with RSA for the time being.

They say bad things happen in threes, so I guess what I am going to report will be the third item.

2013 IEEE Symposium on Security and Privacy

Trawling for Tor Hidden Services: Detection, Measurement, Deanonymization

Alex Biryukov, Ivan Pustogarov, Ralf-Philipp Weinmann - University of Luxembourg
{alex.biryukov,ivan.pustogarov,ralf-philipp.weinmann}@uni.lu

Abstract -- Tor is the most popular volunteer-based anonymity network consisting of over 3000 volunteer-operated relays. Apart from making connections to servers hard to trace to their origin it can also provide receiver privacy for Internet services through a feature called "hidden services". In this paper we expose flaws both in the design and implementation of Tor's hidden services that allow an attacker to measure the popularity of arbitrary hidden services, take down hidden services and deanonymize hidden services. We give a practical evaluation of our techniques by studying: (1) a recent case of a botnet using Tor hidden services for command and control channels; (2) Silk Road, a hidden service used to sell drugs and other contraband; (3) the hidden service of the DuckDuckGo search engine.

Keywords -- Tor; anonymity network; privacy; hidden services

IX. CONCLUSION

We have analyzed the security properties of Tor hidden services and shown that attacks to deanonymize hidden services at a large scale are practically possible with only a moderate amount of resources. We have demonstrated that collecting the descriptors of all Tor hidden services is possible in approximately 2 days by spending less than USD 100 in Amazon EC2 resources. Running one or more guard nodes then allows an attacker to correlate hidden services to IP addresses using a primitive traffic analysis attack.

Furthermore, we have shown that attackers can impact the availability and sample the popularity of arbitrary hidden services not under their control by selectively becoming their hidden service directories.

To address these vulnerabilities we have proposed countermeasures. These prevent hidden service directories from learning the content of any the descriptors unless they also know their corresponding onion address and significantly increase the resources required to selectively become a hidden service directory for a targeted hidden service.

However, note that the above suggestions are nothing more than stop-gap measures. We believe that the problems we have shown are grave enough to warrant a careful redesign of Tor's hidden services.

Source: http://www.ieee-security.org/TC/SP2013/papers/4977a080.pdf (clearnet)

Nightcrawler

4096R/BBF7433B 2012-09-22 Nightcrawler
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0