On Wed, Oct 17, 2012 at 11:18:02AM +0100, tor@xxxxxxxxxxxxxxxxxx wrote:
> > This seems like a good strategy for hidden service. Maybe it is OT
> > a little, but how can I have encrypted VM for my hidden service
> > where boot password is securely typed? Some cloud service gives
> > virtual console where I can type boot password on some encrypted
> > volume, but I think this could be logged.
> >
> > Does anyone know the best way to do it?
>
> The problem with using VMs is that the physical host it is running on
> can silently read the VM's entire memory, allowing it to easily read
> the VM's disk encryption keys at any point after the VM has booted up.

Seconded; you can't trust VMs on hardware you don't control for anything
that needs to stay private - at least not until we get Turing-complete
emulated processors implemented in homomorphic cryptography.

At minimum you need a real machine in a colo, which means you need to
figure out how to pay for it anonymously [1], and if you want a second
line of defense you want to harden your server against intrusions too;
doing your disk crypto in tamper-proof hardware would probably be a good
idea [2], as would making sure you can trust your BIOS [3].

[1] prq.se claims they work with anonymous clients on their web site,
    but all the methods of payment they mention are identity leak hazards.

[2] I don't think the kernel supports this, though :/

[3] I kinda want to find a server motherboard I can use with coreboot and
    add SSL support on the serial console, and then a challenge-response
    authentication to boot...

--
Andrea Shepard <andrea@xxxxxxxxxxxxxx>
PGP fingerprint: 3611 95A4 0740 ED1B 7EA5 DF7E 4191 13D9 D0CF BDA5
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk