[tor-talk] The heartbleed bug, hidden service private_key leakages and IP revealing

hikki at Safe-mail.net hikki at Safe-mail.net
Thu Apr 10 21:13:02 UTC 2014


It says in the blog:

"Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays.
Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service,
but an attacker who knows the hidden service identity key can impersonate the hidden service.
Best practice would be to move to a new hidden-service address at your convenience."

*If* the entry guard has obtained your private_key, or is capable of doing so, it *must* be capable of linking that private_key with the hidden service's real IP also. It is, after all, your *entry* guard!

Right?

I think this bug is more severe than most people think or want to believe!

