[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-dev] Tor HS keys password protection against impersonation attacks?
On 3/18/12 3:34 AM, Jacob Appelbaum wrote:
>> That way even in case of seizure of the server running the Tor HS
>> it would not be possible to who seized the Tor HS Server to do actively
>> Impersonation attacks of the Tor HS.
>
> I think that's a great idea but also a UI nightmare; for servers, I
> think arm would need to support entering the key and for desktops, I
> think Vidalia is the obvious target.
Well, for server it could also be possible to start implementing
something simpler such as a password inquiry on stdin like Apache does.
That way the "core functionalities" of the TorHS password protection may
be implemented and get used, while delegating to a second stage the
opportunity to unlock the key via Tor ControlPort for better UI integration.
-naif
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev