
Backward decryption of Tor traffic after Debian OpenSSL bug disclosure



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

// Backward decryption of Tor traffic after Debian OpenSSL bug disclosure

Suppose some passive adversary has records of traffic between users' Debian
GNU/Linux Tor clients and the servers of the Tor network (a lot of them Debian too).
The records are dated 2006 to May 2008.

Now the Debian OpenSSL PRNG bug is disclosed. All ~250000 "pseudorandom" values are known.

Is it possible for the adversary to use this data for backward partial decryption of
the recorded and stored users' traffic?

- From the predicted states of the broken PRNG he can compute Diffie-Hellman params,
reconstruct ephemeral keys and extract the session AES keys between nodes in the circuit
if two of the circuit's nodes have broken PRNGs.

Is it real? Or is the OpenSSL PRNG used in Tor for generating auth keys only and not
for session key material in the case of Tor?
-----BEGIN PGP SIGNATURE-----

iD8DBQFILcYLRkm9ZEvRLEARApaoAKCHz8Pk4H8jLI4xgzbCnK1EgRzH1gCffINB
tto9W39Qr3hb4cq978zBC0s=
=vUFM
-----END PGP SIGNATURE-----
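The mechanism the post asks about, as an added illustration that is not part of the original message and not Tor's or OpenSSL's code. It abstracts the Debian bug to "the only entropy left is a 15-bit process id": every ephemeral Diffie-Hellman exponent the weak party can ever pick is one of 32767 values, so a recorded public value gives away the exponent by exhaustive search and a stored session can be decrypted after the fact. For a single two-party exchange, one weak side is enough. It also shows the defender's counterpart: a lookup table of every public value the weak PRNG can produce, in the spirit of the blacklists published for Debian-generated keys. The modulus, generator, seed derivation, XOR "cipher" and transcript are all constructed for illustration only; the group is far too small for real use.

```python
"""Toy model of backward decryption after a PRNG-entropy failure.

Added example, not from the original post, Tor or OpenSSL. Every value
below is constructed for illustration.
"""
import hashlib
import secrets

P = (1 << 127) - 1   # toy modulus (a Mersenne prime); constructed, not a real DH group
G = 3                # toy generator
PID_MAX = 32767      # 15-bit process-id space: the whole seed space of the weak PRNG


def weak_exponent(pid: int) -> int:
    """Ephemeral exponent of the broken PRNG: a deterministic function of pid only."""
    digest = hashlib.sha256(b"toy-weak-prng|" + pid.to_bytes(2, "big")).digest()
    return 2 + int.from_bytes(digest, "big") % (P - 3)


def strong_exponent() -> int:
    """Ephemeral exponent from a properly seeded CSPRNG (the healthy relay)."""
    return 2 + secrets.randbelow(P - 3)


def public_value(x: int) -> int:
    return pow(G, x, P)


def session_key(x: int, peer_pub: int) -> bytes:
    """Key derived from the DH shared secret (hashing stands in for Tor's KDF)."""
    shared = pow(peer_pub, x, P)
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (stand-in for AES-CTR); XOR is its own inverse."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


# Defender's check: every public value the weak PRNG can produce, precomputed once.
# This is the same enumeration an attacker would run, used here as a blacklist.
WEAK_PUBLIC_VALUES = {public_value(weak_exponent(pid)): pid
                      for pid in range(1, PID_MAX + 1)}


def is_weak_public_value(pub: int) -> bool:
    """True if pub could only have come from the broken PRNG."""
    return pub in WEAK_PUBLIC_VALUES


def recover_exponent(pub: int):
    """Exhaustive search over the 15-bit seed space; None if pub is not weak."""
    pid = WEAK_PUBLIC_VALUES.get(pub)
    return None if pid is None else weak_exponent(pid)


def record_session(client_pid: int, plaintext: bytes) -> dict:
    """Constructed transcript as a passive observer would store it:
    both public values and the ciphertext, neither private exponent."""
    x = weak_exponent(client_pid)   # client runs the broken PRNG
    y = strong_exponent()           # relay is healthy
    client_pub, relay_pub = public_value(x), public_value(y)
    key = session_key(y, client_pub)
    assert key == session_key(x, relay_pub)   # both sides agree on the key
    return {"client_pub": client_pub, "relay_pub": relay_pub,
            "ciphertext": xor_cipher(key, plaintext)}


def decrypt_recorded(record: dict):
    """Backward decryption of a stored session: one weak side is sufficient.
    Returns None when neither public value is in the weak set."""
    for mine, theirs in (("client_pub", "relay_pub"), ("relay_pub", "client_pub")):
        x = recover_exponent(record[mine])
        if x is not None:
            return xor_cipher(session_key(x, record[theirs]), record["ciphertext"])
    return None


if __name__ == "__main__":
    rec = record_session(4242, b"constructed cell payload")
    print(is_weak_public_value(rec["client_pub"]))   # True
    print(decrypt_recorded(rec))                      # b'constructed cell payload'
```

The point of the two-function split is that the blacklist check and the recovery share the same precomputed table: whatever lets an auditor flag a weak public value also lets an observer who kept the transcript finish the exchange, which is why the only real remedy is to regenerate keys and accept that already-recorded sessions protected by weak ephemeral values are lost.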