What's the long-term effect of Heartbleed on Tor?
* Should we consider every key that was created before Tuesday a bad key and lower their consensus weight?
* Should authorities scan for bad OpenSSL versions and force their weight down to 20?
A lot of relays will continue running bad OpenSSL versions, which seriously hurts the security of Tor. A month from now the NSA/GCHQ/CIVD/etc. may know the private keys of a large chunk of these relays and possibly be able to decode a big chunk of traffic...
Tom