The issue isn't that the encryption can be cracked (yet) but rather the type of encryption, the length of the key, and the threats of discovering that key
http://www.eetimes.com/document.asp?doc_id=1279619Some weaker encryption methods like ssl can be easily cracked because computing technology today is capable of cracking it, however as 256 bit encryption refers to a mathematical algorithm which if there was an attempt to brute force it, the maximum attempts would be 1.1 x 10 to the 77th power. Even with a super computer it would take 1 billion years to crack a key that's 256 bit assuming that was what was being used. We simply do not have the technology at this time to handle that kind of encryption, the amount of power that would need to be used would far exceed what we have available at this time. That is not to say in the future that there will be technology, obviously quantum computing could change that in the near future.
To make the technology even more sophisticated, if tor and i2p were used in the way they were supposed to for internal darknets only and individual users had secure operating systems, disabled java, JavaScript and flash, and wiped memory, then the technology would be relatively secure, the way tor project works is you use http traffic over a local proxy running on your computer that routes you through onion routing using a list of peers acting as nodes to route your traffic, each data packet is encrypted in layers hence the name onion routing, each packet has its own key and can only be decrypted upon reaching each node until it hits the exit node. That in its self makes the architecture and design secure for plausible deniability.
The problem is not in the encryption, the problem is that you don't know who the exit node is hence the exit node once data is decrypted may not know who the user was that requested data to be sent back, however if say you login to facebook in plaintext or jtf, then the individual on the exit node is sniffing the packets, they can find out so and so username was using them as a exit node and build a profile.
The other problem as previously mentioned is with sites that are infected with iframe or another good example would be youtube, while your http traffic may be encrypted, when you view a video in flash, it is not encrypted since data from flash would make a direct connection via a separate port from 80 and transmit data outside of the local proxy hence collecting information on the operating system, the browser, etc.
The last vulnerability would be the issue of data being retained in memory, and so an example would be lets say you encrypt your data with truecrypt on your computer in a encrypted container, you dismount believing the data to be encrypted, the problem is your encryption key is stored in memory which all data content is temporary mounted in memory as well known as a memory footprint, that means a forensics agent could do a memory dump and extract the key even though you dismounted the encrypted container and believed it to be decrypted. The truth is computers need to be completely powered down or the memory dump overwritten and cleared to encrypt the file.
The issue is not encryption technology, it's the carlessness of users who don't properly secure themselves use weak passwords and don't know enough about the technology to properly use it, but as stated, nothing is 100 percent secure, again I have studied forensics for the past 4 years, I have countless books and experience about data retrieval, packet analysis, deep packet inspection, etc, I'm very familiar with the technology.
Stating that using tor means that your being watched would be similar to saying the Internet allows your computer to be watched, it's true that theoretically a Internet service provider COULD implement deep packet inspection like china to monitor entry points to the tor network that are known, and it wouldn't be difficult to filter that out, however tor in its self is not causing viruses to expose them or backdoored.
Aes 245 bit encryption algorithm is something like this
No. of Years to crack AES with 128-bit Key = (3.4 x 1038) / [(10.51 x 1012) x 31536000]
= (0.323 x 1026)/31536000
= 1.02 x 1018
= 1 billion billion years
If you assume:
Every person on the planet owns 10 computers.
There are 7 billion people on the planet.
Each of these computers can test 1 billion key combinations per second.
On average, you can crack the key after testing 50% of the possibilities.
Then the earth's population can crack one encryption key in 77,000,000,000,000,000,000,000,000 years!
Infact if you look on the net, you will find cases of court cases being tossed because aes 256 bit encryption couldn't be cracked, if you look for articles on the net, read very carefully through the articles that claim the encryption has been cracked and you will find that the only time access has been gained was through the threat models I mentioned, a strong passphrase and encrypted layers of packets are not impossible to crack but are extremely difficult to gain information with our current technology.
Topic: If you use TOR, the government has been spying on you (Read 3878 times)