A Tor Project developer reports the project is enhancing its software to rapidly detect tampering to its network for the purpose of surveillance.
Tor Browser lead developer Mike Perry says the system is now being designed so many people can confirm if code has been revised and "eliminate single points of failure." He notes, "even if a government or a criminal obtains our cryptographic keys, our distributed network and its users would be able to detect this fact and report it to us as a security issue. From an engineering perspective, our code review and open source development processes make it likely that such a backdoor would be quickly discovered."
Distributing a tampered Tor Browser without at least initially triggering security checks requires two cryptographic keys. The SSL/TLS secures the connection between a user and Tor Project servers, while the key employed to sign a software update is the other required component.
Perry says the keys are currently not accessible by the same people, and they also use different securing techniques.
From IDG News Service
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA