[tor-relays] Long-term effect of Heartbleed on Tor
Tom van der Woerdt
info at tvdw.eu
Wed Apr 9 17:47:24 UTC 2014
What's the long-term effect of Heartbleed on Tor?
* Should we consider every key that was created before Tuesday a bad key
and lower their consensus weight?
* Should authorities scan for bad OpenSSL versions and force their
weight down to 20?
A lot of relays will continue running bad OpenSSL versions which
seriously hurts the security of Tor. A month from now the
NSA/CGHQ/CIVD/etc may know the private keys of a large chunk of these
relays and possibly be able to decode a big chunk of traffic...
Tom
More information about the tor-relays
mailing list