[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: What about private & Public Keys

To: or-talk@xxxxxxxxxxxxx
Subject: Re: What about private & Public Keys
From: grarpamp <grarpamp@xxxxxxxxx>
Date: Mon, 18 Oct 2010 15:33:38 -0400
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Mon, 18 Oct 2010 15:33:45 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:received:in-reply-to :references:date:message-id:subject:from:to:content-type; bh=k2k7KK7ARIZ0yfGXSVYnLJdsqr99Mgg5LXhdAtqiiJo=; b=CcthqqbmoT10mMJ+t0svjSM+6hWi9bU382KPZ+qfU+k3ZeP2sVkHnv4HUEVFf6zoUE Z4LA7FkocFmByHUu7Kx5zUkSvb6MxWM1YENioZiiCC//rPBrD8sW4EEBMYAj1eKPdNdp kGdjLznrbewxRIQ+dJD8S+Ni5kVRBqJzTEb5I=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=Rw9WjMIojcbGoGkWfVfrFxwyXw3xLvn7i2HqDlsgKUcvz9ek8B3kLyQ3JPf8f0NvI1 GZpnyBJc4L2FK6sTxFvPnU6dT3MPLUzoM8zkFOclmnq6xSetjtqCopEGs9RaYkAfIH+l hr9P7iqNpGEw0nsTOvnP7NhVrHe6IquZ+a7QM=
In-reply-to: <AANLkTinMLeX5XJD-JFOX+8rK4BaLN2M-u0qEftWuwLhx@xxxxxxxxxxxxxx>
References: <201010182037.26420.Thomas.Hluchnik@xxxxxxxxxxxxx> <AANLkTinMLeX5XJD-JFOX+8rK4BaLN2M-u0qEftWuwLhx@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

The net already changes session keys.
If referring to the base key... no.
Because a compromised computer must be presumed broken until fixed.
Rotating keys would just churn the fingerprints, directories, etc... all while
the attacker continues to happily read whatever the Tor daemon is doing.
Practice good admin, secure your machines and audit your code instead.

On 10/18/10, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
> On Mon, Oct 18, 2010 at 2:37 PM,  <Thomas.Hluchnik@xxxxxxxxxxxxx> wrote:
>> Maybe this subject has already been discussed here.
>>
>> Given, an attacker succeeds to break into a large number of tornodes and
>> gets a copy of the secret keys from all those nodes. This would increase
>> the chance to decrypt parts of the traffic that goes through the tor
>> network. Am I right?
> [snip]
>
> No, Tor uses perfect forward secrecy. The session key for every node
> to node link is encrypted with one-time ephemeral keying.
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
***********************************************************************
To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/

References:
- What about private & Public Keys
  - From: Thomas . Hluchnik
- Re: What about private & Public Keys
  - From: Gregory Maxwell

Prev by Author: Re: Me <-> Tor <-> VPN <-> Internet?
Next by Author: IRQ balancing
Previous by thread: Re: What about private & Public Keys
Next by thread: Re: What about private & Public Keys
Index(es):
- Author
- Thread