[tor-talk] The heartbleed bug, hidden service private_key leakages and IP revealing

Roger Dingledine arma at mit.edu
Fri Apr 11 22:28:36 UTC 2014

On Thu, Apr 10, 2014 at 05:13:02PM -0400, hikki at Safe-mail.net wrote:
> It says in the blog:
> "Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays.
> Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service,
> but an attacker who knows the hidden service identity key can impersonate the hidden service.
> Best practice would be to move to a new hidden-service address at your convenience."
> *If* the entry guard has obtained your private_key, or is capable of doing so, it *must* be capable of linking that private_key with the hidden service's real IP also. It is after all your *entry* guard!
> Right?

Huh. I think you're right. I've changed the blog post. Thanks.

> I think this bug is more severe than most people think or want to believe!

It sure is showing interesting details as we explore it more.

For example, I think the SSL spec says that you shouldn't be able to ask
for a heartbeat until the SSL handshake is finished, but I think OpenSSL
lets you ask for a heartbeat during the SSL handshake. If so, that means
any local network mitm attacker, not just your entry guard, can intercept
your outgoing TCP connection and ask you for some heartbeats.
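The two defects the thread is circling, an unchecked payload length and a heartbeat accepted before the handshake is done, are easier to see in code. What follows is an added, self-contained model and not code from OpenSSL or Tor: process memory is a bytearray constructed here, the "secret" placed after the received record is a constructed sample standing in for a hidden service's long-term key, and the `Connection` class, `build_heartbeat_record`, and the two handler functions are this example's own names. The vulnerable handler behaves as the post describes (trusts the wire length, ignores handshake state); the hardened one refuses heartbeats until the handshake completes and mirrors the bounds check from RFC 6520 that the OpenSSL fix added.

```python
"""Emulated TLS heartbeat handling (RFC 6520) showing the Heartbleed defects.

Added example, not OpenSSL or Tor code. The peer's memory is a flat
bytearray built from the received record followed by a constructed secret,
so reading past the record lands in that secret instead of invoking real
out-of-bounds behaviour.
"""
import struct

HEARTBEAT_CONTENT_TYPE = 24          # TLS ContentType for heartbeat records
HB_REQUEST, HB_RESPONSE = 1, 2       # HeartbeatMessageType values
PADDING_LEN = 16                     # RFC 6520 minimum padding

# Constructed sample standing in for key material that happens to sit after
# the record buffer in the peer's memory.
SECRET = b"-----BEGIN RSA PRIVATE KEY----- (constructed sample)"


def build_heartbeat_record(claimed_len: int, payload: bytes, version=(3, 1)) -> bytes:
    """Build a TLS record carrying one HeartbeatRequest.

    A well-formed request has claimed_len == len(payload). The attacker's
    request declares a much larger claimed_len than the bytes it actually sends.
    """
    body = struct.pack("!BH", HB_REQUEST, claimed_len) + payload + b"\x00" * PADDING_LEN
    header = struct.pack("!BBBH", HEARTBEAT_CONTENT_TYPE, version[0], version[1], len(body))
    return header + body


class Connection:
    """Minimal peer state: a memory image plus a handshake-complete flag."""

    def __init__(self, record: bytes, secret: bytes, handshake_done: bool):
        self.memory = bytearray(record + secret)   # record sits right before the secret
        self.handshake_done = handshake_done


def _parse_record(conn: Connection):
    """Return (heartbeat type, claimed payload length, payload offset, record length)."""
    ctype, _major, _minor, record_len = struct.unpack("!BBBH", conn.memory[:5])
    if ctype != HEARTBEAT_CONTENT_TYPE:
        raise ValueError("not a heartbeat record")
    hb_type, payload_len = struct.unpack("!BH", conn.memory[5:8])
    return hb_type, payload_len, 8, record_len


def vulnerable_heartbeat(conn: Connection):
    """Pre-fix behaviour: trusts payload_len from the wire and does not care
    whether the handshake has finished. Copies payload_len bytes starting at
    the payload, which runs past the end of the record into adjacent memory."""
    hb_type, payload_len, payload_off, _record_len = _parse_record(conn)
    if hb_type != HB_REQUEST:
        return None
    echoed = bytes(conn.memory[payload_off:payload_off + payload_len])
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * PADDING_LEN


def hardened_heartbeat(conn: Connection):
    """Fixed behaviour: no heartbeats before the handshake completes, and the
    type, length, payload and padding must all fit inside the record."""
    if not conn.handshake_done:
        raise PermissionError("heartbeat request before handshake completion")
    hb_type, payload_len, payload_off, record_len = _parse_record(conn)
    if hb_type != HB_REQUEST:
        return None
    if 1 + 2 + payload_len + PADDING_LEN > record_len:
        raise ValueError("heartbeat payload length exceeds record length")
    echoed = bytes(conn.memory[payload_off:payload_off + payload_len])
    return struct.pack("!BH", HB_RESPONSE, payload_len) + echoed + b"\x00" * PADDING_LEN


if __name__ == "__main__":
    evil = build_heartbeat_record(claimed_len=0x4000, payload=b"hi")
    pre_handshake = Connection(evil, SECRET, handshake_done=False)
    leak = vulnerable_heartbeat(pre_handshake)
    print("vulnerable peer leaked secret:", SECRET in leak)
    for done in (False, True):
        try:
            hardened_heartbeat(Connection(evil, SECRET, handshake_done=done))
        except (PermissionError, ValueError) as err:
            print("hardened peer rejected request:", err)
```

Run as a script it shows the vulnerable peer answering an attacker's request (sent before any handshake finished) with the bytes that follow the record in memory, while the hardened peer rejects the same request twice over: once for arriving before the handshake completed, and once more for its length even when the handshake is allowed to finish.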

