On Thu, Dec 07, 2006 at 08:39:09AM +0800, John Kimble wrote:
> On 12/7/06, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
> [...]
> >
> >Here's what Tor stores in the data directory. I've tried to annotate
> >the security implications of stuff, but I might have missed
> >something.
> >
> [...]
>
> For completeness, though it's probably not very common for Torpark
> users to set up hidden services, there's also hidden_service/hostname
> and hidden_service/private_key. It's rather damaging if an adversary
> can get hold of these.

Ah, good catch, but those don't go in the data directory. They go in
the directory configured by HiddenServiceDir. There is one such
directory per hidden service. Its contents are as you describe:

   hostname -- the <base32-encoded-fingerprint>.onion domain name for
       this hidden service.
   private_key -- the private key for this hidden service.

Both are sensitive. The former lets an attacker tell what hidden
services you've been running. The latter lets an attacker impersonate
your hidden service.

yrs,
--
Nick Mathewson
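
An added example, not part of the original message and not Tor's own code: a check that each directory named by HiddenServiceDir in a torrc, and the hostname and private_key files inside it, grant no access beyond the owner. The torrc text and directory layout built in demo() are constructed, and treating owner-only permissions as the pass criterion is this example's assumption.

```python
import os
import stat
import tempfile

SENSITIVE = ("hostname", "private_key")  # file names given in the message above

def hidden_service_dirs(torrc_text):
    """Return every HiddenServiceDir value in a torrc (one per hidden service)."""
    dirs = []
    for line in torrc_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)  # drop comments, split key/value
        if len(parts) == 2 and parts[0].lower() == "hiddenservicedir":
            dirs.append(parts[1].strip())
    return dirs

def audit(torrc_text):
    """List (path, problem) for service dirs or key files open beyond the owner."""
    findings = []
    for d in hidden_service_dirs(torrc_text):
        for path in [d] + [os.path.join(d, name) for name in SENSITIVE]:
            try:
                st = os.lstat(path)
            except FileNotFoundError:
                continue  # service never started, nothing on disk to leak
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "is a symlink"))
            elif st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, "mode %o grants group/other access" % mode))
    return findings

def demo():
    """Constructed layout: one owner-only service directory and one loose one."""
    root = tempfile.mkdtemp()
    torrc = ""
    for name, dmode, fmode in (("hs_ok", 0o700, 0o600), ("hs_loose", 0o755, 0o644)):
        d = os.path.join(root, name)
        os.mkdir(d)
        for f in SENSITIVE:
            with open(os.path.join(d, f), "w") as fh:
                fh.write("constructed placeholder\n")
            os.chmod(os.path.join(d, f), fmode)
        os.chmod(d, dmode)
        torrc += "HiddenServiceDir %s\nHiddenServicePort 80 127.0.0.1:8080\n" % d
    return torrc, audit(torrc)

if __name__ == "__main__":
    for path, problem in demo()[1]:
        print(path, "-", problem)
```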