On Fri, Sep 14, 2007 at 02:43:10PM +0200, web@xxxxxx wrote: > Hi, > > before making my next feature request, I'd like to hear some > comments on whether it'd be sensible... > > At the moment, each node's "identity.key" is not protected at > all, so a server seizure might easily compromise it. > For my own node I've toyed around a bit with encrypting (gnupg) > the key, asking for the passphrase at startup and only decrypting > to a random-key-encrypted temporary storage (cryptfs). In this > setup the key would never be lying around unencrypted. > > I suppose, the SURB keyring is already encrypted, so maybe some > kind of built-in identity key encryption might be feasible with > not too much additional effort. Agreed; encrypting identity keys is a fine idea, and the code probably wouldn't be hard to write. If anybody feels like giving it a shot, they should go right ahead. If you're feeling terribly secure, you'll probably want to use OpenPGP's s2k algorithm rather than writing your own or using the dippy one from the SURB keyring. yrs, -- Nick Mathewson
Attachment:
pgp9LnNZ66Ywd.pgp
Description: PGP signature