Tor Project Aims to Create Better, Harder-to-crack Encryption
The Tor Project wants to enhance the Tor network by designing a real-world distributed random number generator. According to a blog post on May 24th, a small group of Tor developers and researchers got together as part of a hackfest in Montreal to discuss ideas on implementing a new mechanism for generating random numbers.
Random numbers in secure communications and encryption are important for the generation of encryption keys. The Tor network, also known as The Onion Router, uses nodes and relays to anonymize traffic flowing in and out to hide original IP addresses and make scrutiny or surveillance more difficult. Essentially, the stronger the algorithm where the random number is generated, the more difficult it is for a threat group or an outsider to crack the number based on known patterns. In a recent case, the FBI used an exploit to compromise Tor’s network in order to track visitors to a website in the deep web that hosted child pornography. Based on reports, the FBI seized the forum and domain’s servers and rerouted traffic to servers controlled by the FBI. This makes the Tor upgrade bad news for law enforcement, but a welcome move for privacy-conscious users and advocates.
[READ: What is the deep web?]
The Tor Project has created a next-generation security system called a distributed RNG (random number generator) that connects two or more computers that communicate and generate random numbers and blends these outputs together. The end result is an algorithm that cannot be predicted through analytics—not even Tor developers can predict the new distributed RNG. Tor explains “It’s a complex system with multiple protocol phases that involves many computers working together in perfect synergy. As far as we know, a distributed random generation system like this has never been deployed before on the Internet.” Tor developers have completed the new distributed RNG system and have undergone rigorous testing on a network with eleven Tor routers.
“This allowed us to test scenarios that could make the protocol burp and fail in unpredictable ways. For example, we instructed our testing Tor nodes to abort at crucial protocol moments, and come back in the worst time possible ways, just to stress test the system. We had our nodes run ancient Tor versions, perform random chaotic behaviors, disappear and never come back. This helped us detect various bugs and edge cases. We also confirmed that our system can survive network failures that can happen on the real Internet. All in all, it was a great educational experience.“ As of late, the system is under code review and auditing stage.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.
- Ransomware Spotlight: TargetCompany
- Email Threat Landscape Report: Cybercriminal Tactics, Techniques That Organizations Need to Know
- Preventing an Imminent Ransomware Attack With Early Detection and Investigation
- Inside the Halls of a Cybercrime Business
- Securing Cloud-Native Environments with Zero Trust: Real-World Attack Cases