It says in the blog: "Hidden services: Tor hidden services might leak their long-term hidden service identity keys to their guard relays. Like the last big OpenSSL bug, this shouldn't allow an attacker to identify the location of the hidden service, but an attacker who knows the hidden service identity key can impersonate the hidden service. Best practice would be to move to a new hidden-service address at your convenience."
*If* the entry guard has obtained your private_key, or is capable of doing so, it *must* be capable of linking that private_key with the hidden service's real IP also. It is afterall your *entry* guard! Right? I think this bug is more severe than most people think or want to believe! -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
