On 11/10/11 19:34, Jeroen Massar wrote:

>> I've been doing this myself for a while now. I wrote/released some
>> software to do it. It's described here:
>>
>> https://grepular.com/Automatically_Encrypting_all_Incoming_Email
>>
>> And here:
>>
>> https://grepular.com/Automatically_Encrypting_all_Incoming_Email_Part_2
>
> Yes, that is an awesome method for very cheaply keeping your emails safe
> from prying eyes. (though unless one has an external server polling the
> mail and saving it again, it is not applicable to gmail, especially as
> one does not know how much data gmail and other such services retain as
> they don't guarantee deletion).
>
> The big advantage is also that there is no keying material that can
> cause the mails to be read, unlike most 'crypto filesystems' which tend
> to keep the crypto keys in memory for both reading and writing to the
> filesystem, thus if somebody is able to hack a process that can write
> (your incoming mailer) they can generally also read those files.

That is true yes, my private PGP key doesn't go anywhere near the server
which hosts my email.

Regarding your comments on keys being stored in RAM on crypto
filesystems, I have a working solution for that too. My Ubuntu laptop
uses full disk encryption, but the key is shifted from RAM into the
debug registers of the CPU as soon as it starts booting, and all crypto
operations are performed directly on the CPU without the key being
transferred back into RAM, using the CPU's AES-NI instructions. This
prevents the key being exposed during cold boot attacks. To achieve
this, I patched my kernel using something called TRESOR. For more info
see:

https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks

If you compile a new kernel without LKM support then it's not even
possible for root to access the key. I would do this on my mail server
too, but it's a virtual machine which this technique doesn't work on.

> The only missing component in the above puzzle is then to mirror new
> mails asap to a set of other hosts to act as a backup, just forwarding
> them to the other boxes with a rewrite can solve that though.

I do exactly that. After encryption, a second copy of every email is
forwarded to a different machine, over a VPN using SMTP, which also has
encrypted incremental backups using duplicity/gpg.

Another possibility would be to have a mail server as a hidden service,
and then just set up the Internet facing server to immediately forward
all incoming email to the hidden server via Tor.

-- 
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
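The delivery-time step discussed in this thread, as an added example (not the software Mike Cardwell released and not code from the original post): a filter that wraps each incoming message as PGP/MIME (RFC 3156) using only the recipient's public key, and passes already-encrypted mail through untouched. The function names, the use of the gpg command line, and encrypting the whole original message as the protected entity are assumptions made for this sketch.

```python
import subprocess
import sys
from email import message_from_bytes
from email.mime.base import MIMEBase
from email.mime.multipart import MIMEMultipart

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def is_encrypted(msg):
    """True for PGP/MIME (RFC 3156) or inline ASCII-armored PGP mail."""
    if msg.get_content_type() == "multipart/encrypted":
        return True
    return any(ARMOR in (p.get_payload(decode=True) or b"")
               for p in msg.walk() if not p.is_multipart())

def gpg_encrypt(plaintext, recipient):
    # Only the recipient's PUBLIC key has to be in this host's keyring.
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--trust-model", "always",
         "--encrypt", "--recipient", recipient],
        input=plaintext, stdout=subprocess.PIPE, check=True).stdout

def _part(subtype, text):
    part = MIMEBase("application", subtype)
    part.set_payload(text)
    return part

def encrypt_incoming(raw, recipient, encrypt=gpg_encrypt):
    """Return raw wrapped as PGP/MIME, or unchanged if already encrypted."""
    msg = message_from_bytes(raw)
    if is_encrypted(msg):
        return raw
    outer = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    for name, value in msg.items():
        # Routing headers stay readable; Content-* now describe the wrapper.
        if not name.lower().startswith("content-") and name.lower() != "mime-version":
            outer[name] = value
    # Simplification (assumption): the whole original message is the protected entity.
    armored = encrypt(raw, recipient).decode("ascii")
    outer.attach(_part("pgp-encrypted", "Version: 1\n"))
    outer.attach(_part("octet-stream", armored))
    return outer.as_bytes()

if __name__ == "__main__":
    # Hypothetical use as a delivery filter: message on stdin, key id in argv[1].
    sys.stdout.buffer.write(encrypt_incoming(sys.stdin.buffer.read(), sys.argv[1]))
```

Headers such as Subject, From and Received stay in cleartext on the stored message; only the body and attachments are protected, and the copy is only as safe as the moment before the filter runs.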