[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-dev] adding smartcard support to Tor

To: tor-dev@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-dev] adding smartcard support to Tor
From: Ken Keys <kenkeys@xxxxxxxxxxx>
Date: Sat, 17 Oct 2015 12:17:29 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 17 Oct 2015 15:17:54 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=comcast.net; s=q20140121; t=1445109458; bh=Qz/PSe3/r1wdACLEljGP4gQyzoY5d7bM4Wco6vfbQdI=; h=Received:Received:Subject:To:From:Message-ID:Date:MIME-Version: Content-Type; b=H4WmczMC5+xnMLgqwCe+zP/v+97zKqr7WH2kT0Vae2ZPDl5eDU9AyS4MInzKfvndp UCSeWClWkwlBTlBpBM9Tmf4/jOi8SgNSgUekzimh123AFtsQ9ut60ulgIGB4CZUI3j t4K3119HILWIAQYvtxCKo0LrTHiMkmjgKuYn2Y1vI3eoXvRr9skauD9sLu5WpFWveQ LHpFj25WpqYv7CA2Y1MUsl/XVLlC39AqViHntDGgQ8yqiVWlfTGBUD+f3VV6FSHtPx v3z2qnBDDSlXraA1NK9wd2eR+nmDoU7kH/2Qrjx2IivcnNOSdqcPdf6DvboegEFNEt cuCn36nnCjrzA==
In-reply-to: <CAFnyNAdAMGx41CmB+znVcH30OsWt3ddzsK3OdXAAEqSzoo+aFg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-dev/>
List-help: <mailto:tor-dev-request@lists.torproject.org?subject=help>
List-id: discussion regarding Tor development <tor-dev.lists.torproject.org>
List-post: <mailto:tor-dev@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-dev>, <mailto:tor-dev-request@lists.torproject.org?subject=unsubscribe>
References: <CAFnyNAdw5P53+6-YyOBfa1dmc_TMO2yCta_=4oj3ss3zR9JbuQ@xxxxxxxxxxxxxx> <5621A7CD.9070600@xxxxxxxxxx> <CAFnyNAdcY3aTHqbmdTWVGpx6N4PS8iDzKmA3GqvtJ0YWc9_-VA@xxxxxxxxxxxxxx> <5622954B.7000706@xxxxxxxxxxx> <CAFnyNAdAMGx41CmB+znVcH30OsWt3ddzsK3OdXAAEqSzoo+aFg@xxxxxxxxxxxxxx>
Reply-to: tor-dev@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-dev" <tor-dev-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.3.0

If the tor process is going to use the key, at some point the unencrypted key has to be visible to the machine running it. You would in any case have to trust the machine hosting the tor node. A more secure setup would be to run the tor node inside an encrypted VM and use your smartcard/dongle/whatever to unlock the VM.

On 10/17/2015 12:00 PM, Razvan Dragomirescu wrote:

Tamper resistance. And the fact that an attacker with access to the machine running Tor can read your encrypted thumb drive (you need to decrypt it at some point to load the key into the Tor process since the encrypted thumbdrive doesn't run crypto algos internally). A smartcard is a small embedded tamper-resistant _computer_ - you never ask it for the key, you ask it to _decrypt_ something for you or _sign_ something for you, you can never extract the key out of the card.

Razvan

--

Razvan Dragomirescu

Chief Technology Officer

Cayenne Graphics SRL

On Sat, Oct 17, 2015 at 9:36 PM, Ken Keys <kenkeys@xxxxxxxxxxx> wrote:

What is the advantage of a smart card over a standard encrypted thumb drive?

_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev

Follow-Ups:
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin

References:
- [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ivan Markin
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu
- Re: [tor-dev] adding smartcard support to Tor
  - From: Ken Keys
- Re: [tor-dev] adding smartcard support to Tor
  - From: Razvan Dragomirescu

Prev by Author: Re: [tor-dev] adding smartcard support to Tor
Next by Author: Re: [tor-dev] adding smartcard support to Tor
Previous by thread: Re: [tor-dev] adding smartcard support to Tor
Next by thread: Re: [tor-dev] adding smartcard support to Tor
Index(es):
- Author
- Thread