[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Revoking a hidden service key

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Revoking a hidden service key
From: Adrien Johnson <adrienj@xxxxxxxxxxx>
Date: Tue, 03 Mar 2015 13:50:04 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 03 Mar 2015 13:50:12 -0500
In-reply-to: <CAD2Ti2_CqnqV1mGuBt1xXzzDkVptSkB=d63ogzDJSBc16s520A@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <54F506C7.6020202@xxxxxxxxxxx> <CALoT2zYkwUEguD-bN+hsePTK8a+G=HRWju6s3yGtiQA5+G5Waw@xxxxxxxxxxxxxx> <54F51F38.30902@xxxxxxxxxxx> <CAKrUFkh4fd9tkssVXiUs0g_X5vRYH2FBA4Te0nJGRtyM2Qy0dw@xxxxxxxxxxxxxx> <54F524EE.3050400@xxxxxxxxxxx> <54F58AAD.5010000@xxxxxxxxxx> <54F5B9DC.9010101@xxxxxxxxxxx> <CAGH6_ppvP-1B8F_7w2QN95x4Dy8j0rjwhbbeYB1tUCk4GNzVGw@xxxxxxxxxxxxxx> <54F5DA0C.3090403@xxxxxxxxxxx> <CAGH6_pr7gVxRRdGqaDhJdSL3yMhN4w6ZHfFnjJFWDubuWZjiig@xxxxxxxxxxxxxx> <54F5E683.5060507@xxxxxxxxxxx> <CAD2Ti2_CqnqV1mGuBt1xXzzDkVptSkB=d63ogzDJSBc16s520A@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101 Thunderbird/31.5.0

Putting a passphrase on the master secret key (in the current system)would protect from theft if the hidden service is offline. But if theservice is online, the master secret key needs to be stored decrypted inmemory so the hidden service can sign and publish its updateddescriptors. If the hidden service is compromised while running,attackers would just steal the decrypted key from memory and not botherwith the encrypted one in the filesystem. So unfortunately an RSApassphrase does not provide as much extra security as we would like.


-Adrien

On 2015-03-03 12:45 PM, grarpamp wrote:

The keys are RSA, we need to be able to put an optional passphrase
on them (for startup as in httpd) as a simple first (and zero cost/design
to network) measure to eliminate their value to thieves. This has not been
done. There have been threads and tickets on this whole key management
topic.


--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Revoking a hidden service key
  - From: grarpamp

References:
- [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson
- Re: [tor-talk] Revoking a hidden service key
  - From: michael ball
- Re: [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson
- Re: [tor-talk] Revoking a hidden service key
  - From: Max Bond
- Re: [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson
- Re: [tor-talk] Revoking a hidden service key
  - From: Donncha O'Cearbhaill
- Re: [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson
- Re: [tor-talk] Revoking a hidden service key
  - From: Domenico Andreoli
- Re: [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson
- Re: [tor-talk] Revoking a hidden service key
  - From: Domenico Andreoli
- Re: [tor-talk] Revoking a hidden service key
  - From: Adrien Johnson
- Re: [tor-talk] Revoking a hidden service key
  - From: grarpamp

Prev by Author: Re: [tor-talk] Revoking a hidden service key
Next by Author: Re: [tor-talk] Revoking a hidden service key
Previous by thread: Re: [tor-talk] Revoking a hidden service key
Next by thread: Re: [tor-talk] Revoking a hidden service key
Index(es):
- Author
- Thread