Re: Tor relay security
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Tor relay security
- From: Stephen Carpenter <thecarp@xxxxxxxxx>
- Date: Wed, 3 Feb 2010 10:51:48 -0500
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Wed, 03 Feb 2010 10:51:59 -0500
- In-reply-to: <4B6983CB.1070901@xxxxxxxx>
- References: <20100203125948.3F5E1B00B5@xxxxxxxxxxxxxxxxx> <4B6983CB.1070901@xxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On Wed, Feb 3, 2010 at 9:10 AM, Jan Reister <Jan.Reister@xxxxxxxx> wrote:
> On 03/02/2010 13:59, onion.soup@xxxxxxxxxxxx wrote:
>> 1. The article talks about encrypting sensitive information on a
>> Tor server. Does the author mean that files on hard disk are
>> obtainable by other Tor users when I run a Tor relay?
>
> No, unless a new vulnerability is discovered in Tor.
>
>> 2. I noticed there are key files found on machines running as Tor
>> relays.
>
> An attacker that got your relay's key files after a compromise could
> impersonate it in the Tor network. This is why it's advisable to encrypt
> a relay's drive.

How does that help? If the machine is compromised, the disk will be
mounted and unencrypted.

Encrypted drives are really only helpful if A) physical security/theft
is the major concern or B) you can leave the volume offline.

Does Tor need access to these keys after startup (I assume not)? Of
course it does mean needing to decrypt the files for each restart. It
would be nice to have that supported as a standard feature of the
startup script but... it also means not being able to do unattended
reboots.

-Steve