[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] doc/HARDENING Draft

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-relays] doc/HARDENING Draft
From: tor@xxxxxxxxxx
Date: Tue, 25 Nov 2014 23:57:28 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 25 Nov 2014 18:05:46 -0500
In-reply-to: <9219102.n8EUMWN3Db@slamaq2>
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
References: <5473BAAE.5020802@xxxxxxxxxxx> <9219102.n8EUMWN3Db@slamaq2>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mutt/1.5.22 (2013-10-16)

Hi,

On Tue, Nov 25, 2014 at 08:58:04PM +0100, tor-admin@xxxxxxxxxx wrote:
> Don't store identity keys on the hard disk. Keep them offliner. Use a ramdisk 
> for /var/lib/tor/keys/ and copy keys to it via scp before starting your tor 
> instance. Remove it from the ramdisk after startup. So the keys cannot be 
> easily taken during unexpected downtimes.
>
that's a nice idea. But keep in mind that your ramdisk could be offloaded
to swap. So make sure your swap is encryted too.
Also your keys could still be stolen while the server is running.

-- 
regards
 alex
_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

References:
- [tor-relays] doc/HARDENING Draft
  - From: Libertas
- Re: [tor-relays] doc/HARDENING Draft
  - From: tor-admin

Prev by Author: Re: [tor-relays] Node Operators Web Of Trust
Next by Author: Re: [tor-relays] doc/HARDENING Draft
Previous by thread: Re: [tor-relays] doc/HARDENING Draft
Next by thread: Re: [tor-relays] doc/HARDENING Draft
Index(es):
- Author
- Thread