Re: [tor-relays] Running tor in VPS - keep away snooping eyes
On 7/3/2014 1:40 PM, Kali Tor wrote:
>
>> On Thursday, July 3, 2014 9:11 AM, Mike Cardwell
>> <tor@xxxxxxxxxxxxxxxxxx> wrote:
>>> * on the Thu, Jul 03, 2014 at 10:02:06AM +0200, Lunar wrote:
>>
>>>>> I have done all that, so covered on that aspect. Was
>>>>> wondering if disk encryption and use of something like TRESOR
>>>>> would be useful?
>>>>
>>>> The private keys for the node are sensitive, and even the
>>>> .tor/state file for the guard nodes could be if the attacker
>>>> does not already have that info, same for any non-default
>>>> node selection stuff in torrc. Tor presumably validates the
>>>> disk consensus files against its static keys on startup so
>>>> that's probably ok yet all easily under .tor anyway.
>>>
>>> Some say that it's better to leave the disk unencrypted
>>> because in case of seizure by the police, they can easily
>>> attest that the system was only running Tor and nothing else.
>>
>> Even if it's encrypted, you can easily attest the exact same
>> thing by handing over your password... If you choose to do so.
>>
>>
>>> Some disagree and say that we should always encrypt to make
>>> tampering and (extra-)legal backdoor installation more
>>> difficult.
>>>
>>> I believe the best strategy has never been really determined so
>>> far.
>>
>> I know of only two benefits to not encrypting.
>>
>> 1.) On some systems, for some workloads, you might have some
>> level of improved performance. For a Tor node, I doubt there is
>> any noticeable difference.
>>
>> 2.) You can reboot without having to enter a password.
>>
>> Encryption gives you choice. The choice to hand over your
>> password/key or not. As far as I'm concerned, "the best strategy"
>> *has* been determined and it's to encrypt...
>
> Thanks for the discussion on this.
>
> If disk encryption is indeed the way to go, how many of the node
> operators do actually encrypt the disk? Have there been any
> performance issues? I ask specifically because I run in a VPS where
> resources are limited (compared to a proper machine).
>
> - kali-
>
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>
Depends, what configuration will that virtual machine have?
You shouldn't notice too big of a difference; full disk encryption is
not a resource killer on any configuration.
--
s7r
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11