Tor uses 1024 bit keys for a lot of its encryption, and it's pretty much agreed that the NSA can crack these with custom chips that IBM and others manufacture for them. This is especially true for anyone using an old version of Tor like 2.3. The 2.4 version has better security but only about 10 percent of Tor servers have upgraded.
Graham ran a "hostile" exit node on 22,920 Tor connections and looked at the encryption mediated by algorithms on incoming connections. Only about 24 percent were using the newer 2.4 software, meaning 76 percent were using the old, NSA-vulnerable keys. With everything that's coming out about the NSA working to undermine encryption across the board it's another concerning example of NSA proliferation in what's supposed to be an especially anonymous corner of the internet. [Ars Technica]