[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Password-protecting identity key?

To: mixminion-dev@xxxxxxxxxxxxx
Subject: Password-protecting identity key?
From: web@xxxxxx
Date: Fri, 14 Sep 2007 14:43:10 +0200
Delivered-to: archiver@xxxxxxxx
Delivered-to: mixminion-dev-outgoing@xxxxxxxx
Delivered-to: mixminion-dev@xxxxxxxx
Delivery-date: Fri, 14 Sep 2007 09:09:52 -0400
Reply-to: mixminion-dev@xxxxxxxxxxxxx
Sender: owner-mixminion-dev@xxxxxxxxxxxxx

Hi,

before making my next feature request, I'd like to hear some
comments on whether it'd be sensible...

At the moment, each node's "identity.key" is not protected at
all, so a server seizure might easily compromise it.
For my own node I've toyed around a bit with encrypting (gnupg)
the key, asking for the passphrase at startup and only decrypting
to a random-key-encrypted temporary storage (cryptfs). In this
setup the key would never be lying around unencrypted.

I suppose, the SURB keyring is already encrypted, so maybe some
kind of built-in identity key encryption might be feasible with
not too much additional effort.

Ciao

Tobias
--
           sapias, vina liques, et spatio brevi
spem longam reseces. dum loquimur, fugerit invida
aetas: carpe diem, quam minimum credula postero.
           (Quintus Horatius Flaccus, c.1,11)

Follow-Ups:
- Re: Password-protecting identity key?
  - From: Nick Mathewson

Prev by Author: error: (107, 'Transport endpoint is not connected')
Previous by thread: mixminion.net view CVS broken
Next by thread: Re: Password-protecting identity key?
Index(es):
- Author
- Thread