What about private & Public Keys
Benedikt Westermann
westermann at q2s.ntnu.no
Mon Oct 18 19:43:38 UTC 2010
On Mon, 2010-10-18 at 14:49 -0400, Gregory Maxwell wrote:
> On Mon, Oct 18, 2010 at 2:37 PM, <Thomas.Hluchnik at netcologne.de> wrote:
> > Maybe this subject has already been discussed here.
> >
> > Given, an attacker succeeds to break into a large number of tornodes and gets a copy of the secret keys from all those nodes. This would increase the chance to decrypt parts of the traffic that goes through the tor network. Am I right?
> [snip]
>
> No, Tor uses perfect forward secrecy. The session key for every node
> to node link is encrypted with one-time ephemeral keying.
If an attacker compromises the private keys of an OR, he can
authenticate himself as the OR during the TLS and the circuit
establishment process. Consequently, the attacker could read and decrypt
traffic by mounting a man in the middle attack.
Due to the property of perfect forward secrecy it can only affect
connections that are established after the key was compromised. All
connections prior to this event are still protected due to the property
of the used DH key exchange protocol [1].
To answer your other question:
> So would it be of advantage for the to network to change keys from
> time to time, like one should do with his passwords?
Yes, it has advantages.
Tor has this concept of long term key, mid term key, and short term key
(see section 1.1 of the Tor spec [2]). The short term key should be
rotated at least once a day according to the spec. However, I'm not sure
in which interval Tor changes the mid term key and long term key
respectively. Anyway, once the computer is compromised, changing the
keys is more or less meaningless.
--Benne
[1] http://www.cypherpunks.ca/~iang/pubs/torsec.pdf
[2]
https://gitweb.torproject.org/tor.git?a=blob_plain;hb=HEAD;f=doc/spec/tor-spec.txt
***********************************************************************
To unsubscribe, send an e-mail to majordomo at torproject.org with
unsubscribe or-talk in the body. http://archives.seul.org/or/talk/
More information about the tor-talk
mailing list