
Re: What about private & Public Keys



The net already changes session keys.
If referring to the base key... no.
Because a compromised computer must be presumed broken until fixed.
Rotating keys would just churn the fingerprints, directories, etc... all while
the attacker continues to happily read whatever the Tor daemon is doing.
Practice good admin, secure your machines and audit your code instead.

On 10/18/10, Gregory Maxwell <gmaxwell@xxxxxxxxx> wrote:
> On Mon, Oct 18, 2010 at 2:37 PM,  <Thomas.Hluchnik@xxxxxxxxxxxxx> wrote:
>> Maybe this subject has already been discussed here.
>>
>> Given an attacker succeeds in breaking into a large number of Tor nodes and
>> gets a copy of the secret keys from all those nodes. This would increase
>> the chance to decrypt parts of the traffic that goes through the Tor
>> network. Am I right?
> [snip]
>
> No, Tor uses perfect forward secrecy. The session key for every node
> to node link is encrypted with one-time ephemeral keying.
> ***********************************************************************
> To unsubscribe, send an e-mail to majordomo@xxxxxxxxxxxxxx with
> unsubscribe or-talk    in the body. http://archives.seul.org/or/talk/
>
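Added illustration, not part of the thread and not Tor's code: a toy Diffie-Hellman model of the forward-secrecy point in the quoted reply, comparing what a stolen long-term key recovers from a recorded session when the session key depends on that key versus when it comes from one-time ephemeral keys. The group parameters, function names and handshake shapes are assumptions chosen for the sketch.

```python
import hashlib
import secrets

# Toy parameters (assumption, illustration only): a 127-bit group is far too
# small for real use; production systems use vetted large groups or curves.
P = 2**127 - 1
G = 3

def keypair():
    """Return (private, public) for the toy Diffie-Hellman group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def kdf(shared):
    """Derive a session key from the shared group element."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def static_handshake(node_lt_pub):
    """No forward secrecy: the client's share is combined with the node's long-term key."""
    c_priv, c_pub = keypair()
    return {"client_pub": c_pub}, kdf(pow(node_lt_pub, c_priv, P))

def ephemeral_handshake():
    """Forward secrecy: both sides use one-time keys that are discarded afterwards.
    In a real protocol the long-term key would only sign node_pub (omitted here)."""
    c_priv, c_pub = keypair()
    n_priv, n_pub = keypair()          # one-time node key, never stored
    return {"client_pub": c_pub, "node_pub": n_pub}, kdf(pow(n_pub, c_priv, P))

def recover_with_stolen_key(transcript, stolen_lt_priv):
    """All a stolen long-term private key lets an eavesdropper compute from a recording."""
    return kdf(pow(transcript["client_pub"], stolen_lt_priv, P))

def demo():
    """Return (static_key_recovered, ephemeral_key_recovered) for recorded sessions."""
    lt_priv, lt_pub = keypair()        # the node's long-term identity key
    rec_a, key_a = static_handshake(lt_pub)
    rec_b, key_b = ephemeral_handshake()
    return (recover_with_stolen_key(rec_a, lt_priv) == key_a,
            recover_with_stolen_key(rec_b, lt_priv) == key_b)

if __name__ == "__main__":
    print(demo())
```

The sketch covers recorded past sessions only; it does not model an attacker who remains on the machine while new sessions are set up.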