What about private & Public Keys

grarpamp grarpamp at gmail.com
Mon Oct 18 19:33:38 UTC 2010


The net already changes session keys.
If referring to the base key... no.
Because a compromised computer must be presumed broken until fixed.
Rotating keys would just churn the fingerprints, directories, etc... all while
the attacker continues to happily read whatever the Tor daemon is doing.
Practice good admin, secure your machines and audit your code instead.

On 10/18/10, Gregory Maxwell <gmaxwell at gmail.com> wrote:
> On Mon, Oct 18, 2010 at 2:37 PM,  <Thomas.Hluchnik at netcologne.de> wrote:
>> Maybe this subject has already been discussed here.
>>
>> Given, an attacker succeeds in breaking into a large number of Tor nodes and
>> gets a copy of the secret keys from all those nodes. This would increase
>> the chance to decrypt parts of the traffic that goes through the Tor
>> network. Am I right?
> [snip]
>
> No, Tor uses perfect forward secrecy. The session key for every node
> to node link is encrypted with one-time ephemeral keying.
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo at torproject.org with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
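
Added example, not part of the thread and not Tor's code: a toy Diffie-Hellman sketch of the forward-secrecy point made in the quoted reply, comparing a link keyed from long-term keys with one keyed from one-time ephemeral keys. The group parameters and all function names are assumptions for illustration, and handshake authentication is omitted; this is not Tor's actual handshake.

```python
import hashlib
import secrets

# Toy group for illustration only (assumption, not Tor's parameters).
P = 2**255 - 19  # a known prime
G = 2

def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Derive a session key from the Diffie-Hellman shared secret."""
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def run_link(static_a, static_b, ephemeral):
    """Simulate one node-to-node link; return (recorded transcript, session key).

    With ephemeral=True each side uses a fresh one-time keypair whose private
    half is discarded when this function returns.
    """
    a, b = (keypair(), keypair()) if ephemeral else (static_a, static_b)
    key = session_key(a[0], b[1])
    assert key == session_key(b[0], a[1])  # both ends agree
    transcript = {"pub_a": a[1], "pub_b": b[1]}  # all a wiretap can record
    return transcript, key

def attacker_recover(transcript, stolen_privs):
    """Later break-in: combine stolen long-term private keys with recorded publics."""
    return {session_key(priv, pub)
            for priv in stolen_privs
            for pub in transcript.values()}

def demo():
    node_a, node_b = keypair(), keypair()  # long-term (base) keys
    stolen = [node_a[0], node_b[0]]        # what the break-in yields
    t_static, k_static = run_link(node_a, node_b, ephemeral=False)
    t_eph, k_eph = run_link(node_a, node_b, ephemeral=True)
    return (k_static in attacker_recover(t_static, stolen),
            k_eph in attacker_recover(t_eph, stolen))

if __name__ == "__main__":
    static_broken, ephemeral_broken = demo()
    print("recorded static-key session recovered:   ", static_broken)
    print("recorded ephemeral-key session recovered:", ephemeral_broken)
```

The sketch covers only traffic recorded before the break-in; as the reply at the top of this message says, an attacker still on the machine reads whatever the daemon is doing regardless of which keys are in use.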