Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
On Wed, Apr 16, 2014 at 06:24:40PM -0700, Andrea Shepard wrote: > A list of 1777 proposed reject lines of fingerprints which have > ever turned up as potentially exposed by Heartbleed in my scans > is available at the URL below. This was generated with the following > query: > > (select distinct > hb.probe_identity_digest as identity_digest > from > heartbleed_probe_results hb > where > hb.probe_has_heartbleed and > hb.probe_tor_checked_identity) > union > (select distinct > hb.expected_identity_digest as identity_digest > from > heartbleed_probe_results hb > where > hb.probe_has_heartbleed and > not hb.probe_tor_checked_identity) > order by > identity_digest; > > That is, it includes all probe results for which a Tor handshake was > actually completed with the identity digest in question *and* a response > to the Heartbleed probe was seen (1729 digests) or for identity digests we > expected to see for that IP/port pair for which the handshake did not succeed > but a Heartbleed response was seen (additional 48 digests). > > The target list is all IP/port pairs which have ever appeared in a consensus > or vote during the time I've been scanning, so some of these may not be > in the current consensus or have ever appeared, or they may no longer be > vulnerable but not have changed keys properly. There are a bit over 900 > vulnerable relays in the latest consensus. > > http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-20140417002500.txt The SHA-256 hash of that file, for the sake of stating it under a PGP signature, is: dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f -- Andrea Shepard PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF DE79 A4FF BC34 F01D D536 PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgpqYabAMaaKx.pgp Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
On Wed, Apr 16, 2014 at 08:03:51PM -0700, Andrea Shepard wrote: > > http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-20140417002500.txt > > The SHA-256 hash of that file, for the sake of stating it under a PGP > signature, is: > > dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours. I've moved moria1 to reject the union of the two lists. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
FYI guys - The Guardian just published an article about the effect of Heartbleed on the network: Tor may be forced to cut back capacity after Heartbleed bug http://gu.com/p/3zfqj On 17 Apr 2014 12:51, "Steve Snyder" wrote: > On 04/17/2014 12:17 AM, Roger Dingledine wrote: > >> On Wed, Apr 16, 2014 at 08:03:51PM -0700, Andrea Shepard wrote: >> >>> http://charon.persephoneslair.org/~andrea/private/hb- fingerprints-20140417002500.txt >>> >>> The SHA-256 hash of that file, for the sake of stating it under a PGP >>> signature, is: >>> >>> dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f >>> >> >> Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours. >> >> I've moved moria1 to reject the union of the two lists. >> > > I hope that similar tests are being run on bridge fingerprints. > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
On 04/17/2014 12:17 AM, Roger Dingledine wrote: On Wed, Apr 16, 2014 at 08:03:51PM -0700, Andrea Shepard wrote: http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-20140417002500.txt The SHA-256 hash of that file, for the sake of stating it under a PGP signature, is: dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours. I've moved moria1 to reject the union of the two lists. I hope that similar tests are being run on bridge fingerprints. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Roger Dingledine disturbed my sleep to write: > On Wed, Apr 16, 2014 at 08:03:51PM -0700, Andrea Shepard wrote: > > > http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-20140417002500.txt > > > > The SHA-256 hash of that file, for the sake of stating it under a PGP > > signature, is: > > > > dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f > > Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours. > > I've moved moria1 to reject the union of the two lists. As an ordinary Tor relay operator who's running a directory mirror, is there anything I need to do for my Tor relay about this? I've found this message from the mailing list from a couple years ago: https://lists.torproject.org/pipermail/tor-talk/2011-October/021936.html ...which seems to imply that the directory operators are separate, and this is nothing I have to take action about. But I wanted to make sure about this, as I couldn't find anything on the Tor FAQ. Apologies if this is answered somewhere else. Thanks, Hugh -- Saint Aardvark the Carpeted http://saintaardvarkthecarpeted.com Because the plural of Anecdote is Myth. signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, (Disclaimer: I am just a "regular" supporter and have no great in-depth knowledge about Tor internals.) there is a difference between a directory *authority* and a directory *mirror*. There are only 8 or so directory authorities in the Tor network which each give a "vote" on each relay. (E.g. Authority A thinks that Relay R should get the Running and Valid flag.) The posts above are from Tor senior contributors, some running a directory authority. Roger (Tor "founder") originally said that he recommends dirauths to reject (give no flags to relays in their votes and therefore throwing them out of the Tor network) relays affected by the Heartbleed bug. A directory mirror (a relay with the Directory Mirror option enabled) just mirrors the original votes by the dirauths. Because they are all cryptographically signed, any tampering you could do to the vote could be detected by clients. (Tor clients only trust votes signed by the dirauths' keys.) Correct me if I'm wrong! :D On 04/17/2014 04:55 PM, Saint Aardvark the Carpeted wrote: > Roger Dingledine disturbed my sleep to write: >> On Wed, Apr 16, 2014 at 08:03:51PM -0700, Andrea Shepard wrote: http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-20140417002500.txt >>> >>> The SHA-256 hash of that file, for the sake of stating it under a PGP >>> signature, is: >>> >>> dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f >> >> >>> Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours. >> >> I've moved moria1 to reject the union of the two lists. > > As an ordinary Tor relay operator who's running a directory mirror, > is there anything I need to do for my Tor relay about this? I've > found this message from the mailing list from a couple years ago: > > https://lists.torproject.org/pipermail/tor-talk/2011-October/021936.html > > ...which seems to imply that the directory operators are separate, > and this is nothing I have to take action about. But I wanted to > make sure about this, as I couldn't find anything on the Tor FAQ. > Apologies if this is answered somewhere else. > > Thanks, Hugh -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlNP+74ACgkQAO6N0EYmC9a3OgCgrwgZqo6BUGlD+DaYNPPHzWCc 9XkAnRHN5klCU3w4PEuEm7vg0KDJfgZv =TQAH -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
I was going to ask something similar, and this sounds like the best kind of answer - 'you don't need to do anything' :D On 17 April 2014 17:05, Tobias Markus wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Hi, > > (Disclaimer: I am just a "regular" supporter and have no great > in-depth knowledge about Tor internals.) > > there is a difference between a directory *authority* and a directory > *mirror*. There are only 8 or so directory authorities in the Tor > network which each give a "vote" on each relay. (E.g. Authority A > thinks that Relay R should get the Running and Valid flag.) > > The posts above are from Tor senior contributors, some running a > directory authority. Roger (Tor "founder") originally said that he > recommends dirauths to reject (give no flags to relays in their votes > and therefore throwing them out of the Tor network) relays affected by > the Heartbleed bug. > > A directory mirror (a relay with the Directory Mirror option enabled) > just mirrors the original votes by the dirauths. Because they are all > cryptographically signed, any tampering you could do to the vote could > be detected by clients. (Tor clients only trust votes signed by the > dirauths' keys.) > > Correct me if I'm wrong! :D > > On 04/17/2014 04:55 PM, Saint Aardvark the Carpeted wrote: > > Roger Dingledine disturbed my sleep to write: > >> On Wed, Apr 16, 2014 at 08:03:51PM -0700, Andrea Shepard wrote: > > http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-20140417002500.txt > >>> > >>> > > The SHA-256 hash of that file, for the sake of stating it under a PGP > >>> signature, is: > >>> > >>> dadd2beca51d1d5cd7ffe7d3fe3a57200c7de7e136cad23b0691df2fbe84ee3f > >> > >> > >>> > Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours. > >> > >> I've moved moria1 to reject the union of the two lists. > > > > As an ordinary Tor relay operator who's running a directory mirror, > > is there anything I need to do for my Tor relay about this? I've > > found this message from the mailing list from a couple years ago: > > > > https://lists.torproject.org/pipermail/tor-talk/2011-October/021936.html > > > > ...which seems to imply that the directory operators are separate, > > and this is nothing I have to take action about. But I wanted to > > make sure about this, as I couldn't find anything on the Tor FAQ. > > Apologies if this is answered somewhere else. > > > > Thanks, Hugh > -BEGIN PGP SIGNATURE- > Version: GnuPG v2.0.22 (GNU/Linux) > > iEYEARECAAYFAlNP+74ACgkQAO6N0EYmC9a3OgCgrwgZqo6BUGlD+DaYNPPHzWCc > 9XkAnRHN5klCU3w4PEuEm7vg0KDJfgZv > =TQAH > -END PGP SIGNATURE- > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > -- *Dr Chris Whittleston 栗主* Department of Chemistry University of Cambridge Lensfield Road, Cambridge, CB2 1EW Email: cs...@cam.ac.uk Tel: +44 (0)1223 336423 ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Tobias, thanks so much for the explanation! -- Saint Aardvark the Carpeted http://saintaardvarkthecarpeted.com Because the plural of Anecdote is Myth. signature.asc Description: Digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Can we do anything to attempt to contact those relay operators that are still affected by Heartbleed? I might be a little late to the discussion and this has already taken place, just wanted to check. On Thu, Apr 17, 2014 at 9:47 AM, Saint Aardvark the Carpeted wrote: > Tobias, thanks so much for the explanation! > > -- > Saint Aardvark the Carpeted > http://saintaardvarkthecarpeted.com > Because the plural of Anecdote is Myth. > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > -- AJ Bahnken Co-Founder of Syndicate Pro ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
A lot of relay operators were contacted within 12 hours of the heartbleed bug being published. Of course, not everyone lists their mail address in the directory, so those didn't get contacted. Tom AJ B schreef op 17/04/14 20:04: Can we do anything to attempt to contact those relay operators that are still affected by Heartbleed? I might be a little late to the discussion and this has already taken place, just wanted to check. On Thu, Apr 17, 2014 at 9:47 AM, Saint Aardvark the Carpeted wrote: Tobias, thanks so much for the explanation! -- Saint Aardvark the Carpeted http://saintaardvarkthecarpeted.com Because the plural of Anecdote is Myth. ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
On Thu, Apr 17, 2014 at 08:58:46PM +0200, Lars Kumbier wrote: > I'm supposedly running one of the still affected tor-relays and since my > relay is also a guard, I'm in the latest blocklist[1] (pre-upgrade > fingerprint). I did upgrade the system on April 9th to openssl > 1.0.1-4ubuntu5.12 - base system is an ubuntu 12.04. > > According to the changelog[2], this should have fixed the heartbleed > issue and according to this scanner[3], it should be as well. I did > create new keys anyway, but just to be sure: Is the host[4] still > affected as given in the blocklist? > > Best, > Lars > __ > [1] > https://atlas.torproject.org/#details/9AB511B6894566C1CF56043CE60077D213CF1A1A > [2] https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12 > [3] https://filippo.io/Heartbleed/#tor.kumbier.it > [4] tor running on 5.9.165.90:443 A router at that IP with identity 9AB511B6894566C1CF56043CE60077D213CF1A1A tested positive for Heartbleed several times, most recently at 2014-04-17 10:19:18, before testing negative at 2014-04-17 18:51:46 (all times UTC). If you rotate the key you should be fine, but that key is potentially exposed. -- Andrea Shepard PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF DE79 A4FF BC34 F01D D536 PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgpUI6nXjnQdO.pgp Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
I'm supposedly running one of the still affected tor-relays and since my relay is also a guard, I'm in the latest blocklist[1] (pre-upgrade fingerprint). I did upgrade the system on April 9th to openssl 1.0.1-4ubuntu5.12 - base system is an ubuntu 12.04. According to the changelog[2], this should have fixed the heartbleed issue and according to this scanner[3], it should be as well. I did create new keys anyway, but just to be sure: Is the host[4] still affected as given in the blocklist? Best, Lars __ [1] https://atlas.torproject.org/#details/9AB511B6894566C1CF56043CE60077D213CF1A1A [2] https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12 [3] https://filippo.io/Heartbleed/#tor.kumbier.it [4] tor running on 5.9.165.90:443 Am 17.04.2014 20:08, schrieb Tom van der Woerdt: > A lot of relay operators were contacted within 12 hours of the > heartbleed bug being published. Of course, not everyone lists their > mail address in the directory, so those didn't get contacted. > > Tom > > > AJ B schreef op 17/04/14 20:04: >> Can we do anything to attempt to contact those relay operators that >> are still affected by Heartbleed? >> >> I might be a little late to the discussion and this has already taken >> place, just wanted to check. >> >> On Thu, Apr 17, 2014 at 9:47 AM, Saint Aardvark the Carpeted >> wrote: >>> Tobias, thanks so much for the explanation! >>> >>> -- >>> Saint Aardvark the Carpeted >>> http://saintaardvarkthecarpeted.com >>> Because the plural of Anecdote is Myth. >>> >>> ___ >>> tor-relays mailing list >>> tor-relays@lists.torproject.org >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays >>> >> >> > > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Dear Andrea, Could you please elaborate if/how we can use your file on a Tor node? Should we use these as 'ExcludeNodes' rules in the `torrc` configuration files of our Tor nodes? Or is the file merely intended for Tor clients? Best regards, Yoriz -- Operator of the privshield.com Tor exit node On 17 Apr 2014, at 03:24, Andrea Shepard wrote: > A list of 1777 proposed reject lines of fingerprints which have > ever turned up as potentially exposed by Heartbleed in my scans > is available at the URL below. This was generated with the following > query: > > (select distinct > hb.probe_identity_digest as identity_digest > from > heartbleed_probe_results hb > where > hb.probe_has_heartbleed and > hb.probe_tor_checked_identity) > union > (select distinct > hb.expected_identity_digest as identity_digest > from > heartbleed_probe_results hb > where > hb.probe_has_heartbleed and > not hb.probe_tor_checked_identity) > order by > identity_digest; > > That is, it includes all probe results for which a Tor handshake was > actually completed with the identity digest in question *and* a response > to the Heartbleed probe was seen (1729 digests) or for identity digests we > expected to see for that IP/port pair for which the handshake did not succeed > but a Heartbleed response was seen (additional 48 digests). > > The target list is all IP/port pairs which have ever appeared in a consensus > or vote during the time I've been scanning, so some of these may not be > in the current consensus or have ever appeared, or they may no longer be > vulnerable but not have changed keys properly. There are a bit over 900 > vulnerable relays in the latest consensus. > > http://charon.persephoneslair.org/~andrea/private/hb-fingerprints-20140417002500.txt > > -- > Andrea Shepard > > PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF DE79 A4FF BC34 F01D D536 > PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 > ___ > tor-relays mailing list > tor-relays@lists.torproject.org > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays signature.asc Description: Message signed with OpenPGP using GPGMail ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
On Thu, Apr 17, 2014 at 09:20:10PM +0200, Yoriz wrote: > Dear Andrea, > > Could you please elaborate if/how we can use your file on a Tor node? Should > we use these as 'ExcludeNodes' rules in the `torrc` configuration files of > our Tor nodes? Or is the file merely intended for Tor clients? It's mainly intended for consumption by the directory authorities. You could transform into ExcludeNodes rules for clients if you want, I suppose. -- Andrea Shepard PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF DE79 A4FF BC34 F01D D536 PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5 pgp5Ij9z_dRMK.pgp Description: PGP signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Andrea Shepard wrote: > On Thu, Apr 17, 2014 at 08:58:46PM +0200, Lars Kumbier wrote: > > I'm supposedly running one of the still affected tor-relays and since my > > relay is also a guard, I'm in the latest blocklist[1] (pre-upgrade > > fingerprint). I did upgrade the system on April 9th to openssl > > 1.0.1-4ubuntu5.12 - base system is an ubuntu 12.04. > > > > According to the changelog[2], this should have fixed the heartbleed > > issue and according to this scanner[3], it should be as well. I did > > create new keys anyway, but just to be sure: Is the host[4] still > > affected as given in the blocklist? > > > > Best, > > Lars > > __ > > [1] > > https://atlas.torproject.org/#details/9AB511B6894566C1CF56043CE60077D213CF1A1A > > [2] https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12 > > [3] https://filippo.io/Heartbleed/#tor.kumbier.it > > [4] tor running on 5.9.165.90:443 > > A router at that IP with identity 9AB511B6894566C1CF56043CE60077D213CF1A1A > tested positive for Heartbleed several times, most recently at > 2014-04-17 10:19:18, before testing negative at 2014-04-17 18:51:46 (all > times UTC). If you rotate the key you should be fine, but that key is > potentially exposed. > No, I don't think that is sufficient. Not only must the onion keypair be replaced, but also the relay's identity keypair. Once the authorities have been told to reject the identity key with the fingerprint shown above, that relay will no longer be included in the consensus, nor will its published descriptor be distributed by them. The reason for rejecting the identity keys as well is that the identity secret key may just as easily have been leaked as the onion secret key. So, Lars, either destroy or rename all of your existing keys for tor, both secret and public, and then restart tor. It will not find existing keys during its startup phase and will therefore generate brand-new keys. After checking for reachability, it will publish a new descriptor. Within a couple of hours, the authorities will begin including the new relay in the consensus and distributing the descriptor. IOW, get rid of *all* the old keys, restart tor, and tor will handle the rest for you. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at sdf.org *or* bennett at freeshell.org * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Thanks Andrea, Thanks Scott, Keys have been replaced and I tested the relay with the script on github as well. I guess it was something stupid like forgetting to restart. For the rest: test your server via the script on https://github.com/wwwiretap/bleeding_onions Am 17.04.2014 22:58, schrieb Scott Bennett: Andrea Shepard wrote: On Thu, Apr 17, 2014 at 08:58:46PM +0200, Lars Kumbier wrote: I'm supposedly running one of the still affected tor-relays and since my relay is also a guard, I'm in the latest blocklist[1] (pre-upgrade fingerprint). I did upgrade the system on April 9th to openssl 1.0.1-4ubuntu5.12 - base system is an ubuntu 12.04. According to the changelog[2], this should have fixed the heartbleed issue and according to this scanner[3], it should be as well. I did create new keys anyway, but just to be sure: Is the host[4] still affected as given in the blocklist? Best, Lars __ [1] https://atlas.torproject.org/#details/9AB511B6894566C1CF56043CE60077D213CF1A1A [2] https://launchpad.net/ubuntu/+source/openssl/1.0.1-4ubuntu5.12 [3] https://filippo.io/Heartbleed/#tor.kumbier.it [4] tor running on 5.9.165.90:443 A router at that IP with identity 9AB511B6894566C1CF56043CE60077D213CF1A1A tested positive for Heartbleed several times, most recently at 2014-04-17 10:19:18, before testing negative at 2014-04-17 18:51:46 (all times UTC). If you rotate the key you should be fine, but that key is potentially exposed. No, I don't think that is sufficient. Not only must the onion keypair be replaced, but also the relay's identity keypair. Once the authorities have been told to reject the identity key with the fingerprint shown above, that relay will no longer be included in the consensus, nor will its published descriptor be distributed by them. The reason for rejecting the identity keys as well is that the identity secret key may just as easily have been leaked as the onion secret key. So, Lars, either destroy or rename all of your existing keys for tor, both secret and public, and then restart tor. It will not find existing keys during its startup phase and will therefore generate brand-new keys. After checking for reachability, it will publish a new descriptor. Within a couple of hours, the authorities will begin including the new relay in the consensus and distributing the descriptor. IOW, get rid of *all* the old keys, restart tor, and tor will handle the rest for you. Scott Bennett, Comm. ASMELG, CFIAG ** * Internet: bennett at sdf.org *or* bennett at freeshell.org * ** * "A well regulated and disciplined militia, is at all times a good * * objection to the introduction of that bane of all free governments * * -- a standing army." * *-- Gov. John Hancock, New York Journal, 28 January 1790 * ** ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays -- Lars Kumbier / IT Consultant l...@kumbier.it (gpg) Kumbier IT Consulting and Solutions Office: +49 (0)6221 1871632 SRH Gründerzentrum | Waldhoferstr. 100 | 69123 Heidelberg | Germany http://kumbier.it signature.asc Description: OpenPGP digital signature ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
Perl script attached which I made to take this !reject formatted list of bleeding tor nodes and reformat it into a mega-long ExcludeNodes line and put it at the end of my exit node's torrc. My tor daemon did not bomb or complain upon seeing the line. Hopefully that is the right way to use that !rejects list for relay operators who want to do the best thing? tor-rejects Description: Binary data ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi, (again a Disclaimer: I am not a Tor dev/guru and might be talking bullsh*t.) Tor circuits (a "way" through the Tor network) and thus nodes are entirely chosen by clients based on the consensus given by dirauths (see my earlier post). The ExcludeNodes statement you use basically instructs the Tor *client* part not to use the specified nodes in their circuits. If you run a relay, you don't have to undertake any action because of Heartbleed except rotating your keys (deleting all keys in DataDir/keys), updating OpenSSL and restarting Tor. (Moritz Bartl sent an E-Mail to tor-relays explaining all this in great detail on 4/8/2014: "Relays vulnerable to OpenSSL bug: Please upgrade") tl;dr: ExcludeNodes does not work and is not needed for relay operators. On 04/18/2014 12:56 AM, t...@t-3.net wrote: > Perl script attached which I made to take this !reject formatted > list of bleeding tor nodes and reformat it into a mega-long > ExcludeNodes line and put it at the end of my exit node's torrc. My > tor daemon did not bomb or complain upon seeing the line. > > Hopefully that is the right way to use that !rejects list for > relay operators who want to do the best thing? -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (GNU/Linux) iEYEARECAAYFAlNQZmAACgkQAO6N0EYmC9bzfgCgiHaLQJ0w9cUgymw/4HbOp3Tn Hx8Anj1huC+X0n8+Y/pAGfKSP9id6b4H =K7f0 -END PGP SIGNATURE- ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
On Fri, Apr 18, 2014 at 01:40:17AM +0200, Tobias Markus wrote: > Tor circuits (a "way" through the Tor network) and thus nodes are > entirely chosen by clients based on the consensus given by dirauths > (see my earlier post). The ExcludeNodes statement you use basically > instructs the Tor *client* part not to use the specified nodes in > their circuits. > > If you run a relay, you don't have to undertake any action because of > Heartbleed except rotating your keys (deleting all keys in > DataDir/keys), updating OpenSSL and restarting Tor. (Moritz Bartl sent > an E-Mail to tor-relays explaining all this in great detail on > 4/8/2014: "Relays vulnerable to OpenSSL bug: Please upgrade") Correct. --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
On Thu, Apr 17, 2014 at 12:17:02AM -0400, Roger Dingledine wrote: > Thanks Andrea. 374 of the 380 lines from Sina's file overlap with yours. > > I've moved moria1 to reject the union of the two lists. Four other directory authority operators have also blacklisted these keys, and they've now been dropped from the network. For comparison, we moved from 5421 Running relays earlier yesterday, to 4354 Running relays now. Many of the affected relays were tiny, but there sure were a lot of them. In the future, when we catch our breath a bit more, I'll start logging the rejected descriptors, and send another round of mail to everybody who set their ContactInfo to let them know to dump their keys and upgrade. Oh, and since it's going to confuse people, at the same time as this change we also have been cutting relays running Tor 0.2.2.x out of the network: https://trac.torproject.org/projects/tor/ticket/11149 That's currently ~240 relays, but again they're mostly quite small. https://metrics.torproject.org/network.html#versions --Roger ___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Re: [tor-relays] Recommended reject lines for relays affected by Heartbleed
I want to setup a Tor relay, but know nothing. Got a minute to read a page of questions? On Thursday, April 17, 2014 10:27:31 PM, Roger Dingledine wrote: On Fri, Apr 18, 2014 at 01:40:17AM +0200, Tobias Markus wrote: >> Tor circuits (a "way" through the Tor network) and thus nodes are >> entirely chosen by clients based on the consensus given by dirauths >> (see my earlier post). The ExcludeNodes statement you use basically >> instructs the Tor *client* part not to use the specified nodes in >> their circuits. >> >> If you run a relay, you don't have to undertake any action because of >> Heartbleed except rotating your keys (deleting all keys in >> DataDir/keys), updating OpenSSL and restarting Tor. (Moritz Bartl sent >> an E-Mail to tor-relays explaining all this in great detail on >> 4/8/2014: "Relays vulnerable to OpenSSL bug: Please upgrade") > >Correct. > >--Roger > > >___ >tor-relays mailing list >tor-relays@lists.torproject.org >https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays > > >___ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
