Ken Keys: > If the tor process is going to use the key, at some point the > unencrypted key has to be visible to the machine running it. You would > in any case have to trust the machine hosting the tor node. A more > secure setup would be to run the tor node inside an encrypted VM and use > your smartcard/dongle/whatever to unlock the VM. The point is that one can't[*] extract a private key from a smartcard and because of that even if machine is compromised your private key stays safe. [*] Not so easy, but possible. -- Ivan Markin /"\ \ / ASCII Ribbon Campaign X against HTML email & Microsoft / \ attachments! http://arc.pasp.de/
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev