Don't take anything on trust! The whole Tor codebase is publicly available, with all its documentation. You can download it yourself and look over it. Hundreds of thousands of programmers better than me have done so. Bugs have been found, and patched. Crooks and cyber-terrorists have spent years trying to find exploits they can use to crack Tor and steal secrets and cryptocurrency. They've all failed to date, but some have found ways to make it waste resources and crash. Those have been patched, too. Nothing made by humans can ever be infallible or immune to misuse, but Tor has certainly been field-tested more than any similar tool. According to Edward Snowden, the bad guys (NSA) have spent a lot of resources trying to break Tor, and failed. "Tor Stinks", the leaked presentation was headlined. They and their frenemies in the FBI have been able to catch Tor users, but only by tricking them into downloading viruses that target other software on the user's computer - Firefox (since patched) and various media players. Tor's not magic, but it's pretty darn good at what it does. That's just the start of your OPSEC journey, of course.
Yes, I know, and I already had that conversation here on nostr with a lady that's a cybersecurity specialist, I don't remember her name, Ava maybe? Anyway... Tor is the best there is, but not for everything. For example, if you are Iranian opposition, would you use Tor? Yeah, why not, if you don't care that the USA agencies can see you. But if you are a Russian spy, would you use something that relies on USA Navy cryptography? Probably not... Even if there is not a bug or something, it's hard to believe that the USA Navy gave SHA-256 to the public without having the ability to decode it if needed. Right?
During the 1980s, the NSA managed to have various hashing and encryption schemes made standard that contained numerical constants, basically partial keys already calculated by the NSA. Other countries have cryptographers, and they wised up. By the time Phil Zimmermann wrote PGP, no one trusted algorithms with suspicious-looking constants. The field of cryptography is now quite international, and there have been many highly-skilled attacks on all the currently popular algorithms, because the banking sector and the US government use them too. I'm quite sure both Iranian opposition and Russian spies use AES and public key encryption. In fact, they probably both use Tor for some time-sensitive communication. Russian embassies likely prefer OTP instead for the highest security communications, but they have secure out-of-band methods for distributing keys to their embassies.
That's an interesting opinion. Maybe you are right. I have doubts, obviously. But thanks, I appreciate it. If you have more to say on this, I hear...
If you have doubts, let us know the specifics, and we will all learn!
Right. It's what I already said. I don't know much about cryptography, just a few things, but when I have a project being funded by the USA government while it's using a USA Navy algorithm, it doesn't mean it's OK and that there is not a backdoor or something because the code is open and can be and was reviewed by several people. Funding a project that uses your cryptography and that can be used against you makes no sense to me, except if you have a backdoor. The recent incident with xz-utils also shows that it is possible. Yes, it was revealed because it's open, but it is possible. Besides that, I myself, all my life, when I wanted to hide something, I did it in public view with 100% success so far.
You have a very wise attitude to these things, that you should keep. But an indication of scale might be useful. The Thing is rightly legendary in real-life spy shenanigans, and a dramatic example of hiding things in plain sight. https://yandex.com/turbo/en.wikipedia.org/s/wiki/The_Thing_(listening_device) During the course of the operation, it was only handled by a few people, none of whom had much technical knowledge, and then it sat on a shelf. Tor is made of transparent digital code instead of opaque wood, it has been handled daily by experts around the globe, and there are literally tens of millions of copies. Finding out there was a back door all along would be like finding out every Toyota Corolla has a "Decepticon" form and no mechanic ever noticed until one day they rose up and took over the world. I, for one, will welcome our new robotic overlords, and I have always treated my Toyota with kindness and respect. I don't lose sleep over it, though.
I understand the point, but one question, for a start, that has to be answered in a satisfying manner, is why is the USA funding a project that can be used against them?
AES and RSA weren't actually DARPA or NSA products. They were designed by academics who entered them into both USA and international competitions for new algorithms. The NSA would love the ability to read everyone's mail, but the global banking industry needs cryptography to work.
Guess who holds the bigger stick?
It's also used in military applications... I don't know. Who?
IDK exactly what algorithms we use here in military radios, even though I was trained on them. The banks have far more influence over the levers of power than any Director-General of the NSA. They need cryptography algorithms to work, or else they'd have to reopen a lot of physical branches. That doesn't mean they need Tor's _implementation_ of those algorithms to work, but that's a much smaller problem, and one we covered in detail already.