[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Tor security advisory: Debian flaw causes weak identity keys



Roger Dingledine wrote:
> SUMMARY:
>   This is a critical security announcement.
> 
>   A bug in the Debian GNU/Linux distribution's OpenSSL package was
>   announced today. This bug would allow an attacker to figure out private
>   keys generated by these buggy versions of the OpenSSL library. Thus,
>   all private keys generated by affected versions of OpenSSL must be
>   considered to be compromised.

One of my tor nodes was affected. I've upgraded openssl and changed keys.

Two questions:

Do I have to do something to get the old key blacklisted to make sure
that someone can't impersonate it?
(Old fingerprint: $C33ABC15B69DA274588CA1869CC1EE7B1DC11DAD)

Should I rename my node? It doesn't show up as named anymore because of
the key change.