[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Revoking a hidden service key

Putting a passphrase on the master secret key (in the current system) would protect from theft if the hidden service is offline. But if the service is online, the master secret key needs to be stored decrypted in memory so the hidden service can sign and publish its updated descriptors. If the hidden service is compromised while running, attackers would just steal the decrypted key from memory and not bother with the encrypted one in the filesystem. So unfortunately an RSA passphrase does not provide as much extra security as we would like.


On 2015-03-03 12:45 PM, grarpamp wrote:
The keys are RSA, we need to be able to put an optional passphrase
on them (for startup as in httpd) as a simple first (and zero cost/design
to network) measure to eliminate their value to thieves. This has not been
done. There have been threads and tickets on this whole key management

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to