Does TOR use any non-ephemeral (non-DHE) ciphers?
Nick Mathewson
nickm at freehaven.net
Wed Sep 24 15:46:29 UTC 2008
On Wed, Sep 24, 2008 at 08:38:23AM -0400, 7v5w7go9ub0o wrote:
> David Howe has been running some tests, and has discovered that in many
> cases, SSL transactions can be recorded, and decrypted by Wireshark
> after the fact - this because an ephemeral cipher was NOT chosen by the
> server; i.e. a cipher was chosen that does not provide "Perfect Forward
> Secrecy" . This ability of Wireshark provides a motivation to steal or
> subpoena private keys - which may awaken governmental interest in TOR
> private keys!?
This isn't news. If you have compromised a private key used for SSL
sessions, and a ciphersuite without PFS is used, you can decrypt those
sessions after the fact. That's basically what "without PFS" means.
> So this begs the questions:
>
>
>
>
> Does TOR use any non-ephemeral (non-DHE) ciphers?
You mean ciphersuites, not ciphers. The answer is "No; Tor always
uses ephemeral-key modes with TLS."
More information about the tor-talk
mailing list