[tor-relays] Long-term effect of Heartbleed on Tor

Tom van der Woerdt info at tvdw.eu
Wed Apr 9 17:47:24 UTC 2014


What's the long-term effect of Heartbleed on Tor?

* Should we consider every key that was created before Tuesday a bad key 
and lower their consensus weight?
* Should authorities scan for bad OpenSSL versions and force their 
weight down to 20?

A lot of relays will continue running bad OpenSSL versions which 
seriously hurts the security of Tor. A month from now the 
NSA/GCHQ/CIVD/etc may know the private keys of a large chunk of these 
relays and possibly be able to decode a big chunk of traffic...

Tom

