[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] Running tor in VPS - keep away snooping eyes



* on the Thu, Jul 03, 2014 at 10:02:06AM +0200, Lunar wrote:

>>> I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
>> 
>> The private keys for the node are sensitive, and even the
>> .tor/state file for the guard nodes could be if the attacker
>> does not already have that info, same for any non default
>> node selection stuff in torrc. Tor presumably validates
>> the disk consensus files against its static keys on startup
>> so that's probably ok yet all easily under .tor anyway.
> 
> Some says that it's better to leave the disk unencrypted because in case
> of seizure by the police, they can easily attest that the system was
> only running Tor and nothing else.

Even if it's encrypted, you can easily attest the exact same thing by
handing over your password... If you choose to do so.
 
> Some disagrees and says that we should always encrypt to make tampering
> and (extra-)legal backdoor installation more difficult.
> 
> I believe the best strategy has never been really determined so far.

I know of only two benefits to not encrypting.

1.) On some systems, for some workloads, you might have some level of
    improved performance. For a Tor node, I doubt there is any
    noticable difference.

2.) You can reboot without having to enter a password.

Encryption gives you choice. The choice to hand over your password/key
or not. As far as I'm concerned, "the best strategy" *has* been
determined and it's to encrypt...

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4

Attachment: signature.asc
Description: Digital signature

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays