* on the Thu, Jul 03, 2014 at 10:02:06AM +0200, Lunar wrote:
>>> I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
>>
>> The private keys for the node are sensitive, and even the
>> .tor/state file for the guard nodes could be if the attacker
>> does not already have that info, same for any non default
>> node selection stuff in torrc. Tor presumably validates
>> the disk consensus files against its static keys on startup
>> so that's probably ok yet all easily under .tor anyway.
>
> Some says that it's better to leave the disk unencrypted because in case
> of seizure by the police, they can easily attest that the system was
> only running Tor and nothing else.
Even if it's encrypted, you can easily attest the exact same thing by
handing over your password... If you choose to do so.
> Some disagrees and says that we should always encrypt to make tampering
> and (extra-)legal backdoor installation more difficult.
>
> I believe the best strategy has never been really determined so far.
I know of only two benefits to not encrypting.
1.) On some systems, for some workloads, you might have some level of
improved performance. For a Tor node, I doubt there is any
noticable difference.
2.) You can reboot without having to enter a password.
Encryption gives you choice. The choice to hand over your password/key
or not. As far as I'm concerned, "the best strategy" *has* been
determined and it's to encrypt...
--
Mike Cardwell https://grepular.com https://emailprivacytester.com
OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
Attachment:
signature.asc
Description: Digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays