No problem. You should default to full disk / partition encryption. The ArchLinux Wiki has (as usual) a great article on this: https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encrypting_devices_with_cryptsetup Also make sure to not use the standard hash library (SHA256) but SHA512 instead, and also use argon2id as PBKDF as it's slower and thus harder to brute-force your boot password. This way your new provider will not be able to obtain your new keys. Also, even if the old provider did indeed dump your HDD a while ago, the first / "real" relay to boot up with one descriptor / secret_key gets favored, the other / "fake" I believe I read a while back will not be allowed on to the network, but take this with a grain of salt. -GH On Friday, October 4th, 2024 at 11:51 PM, Osservatorio Nessuno via tor-relays <tor-relays@xxxxxxxxxxxxxxxxxxxx> wrote: > Hi, > thanks both for your input. > > > On 03/10/2024 21:24, boldsuck via tor-relays wrote: > > > But: > > FallbackDir can also move to another provider/host. Simply copy the Tor keys > > of the instance to the new host. I've done that several times. > > > While we could, I would think it is not a great security practice > migrate keys that were on an old, non updated provider cluster when > building a new node elsewhere. That would double the risk of someone > else having the secret keys (old provider, new provider instead of just > the new provider). > > Giulio > _______________________________________________ > tor-relays mailing list > tor-relays@xxxxxxxxxxxxxxxxxxxx > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
Attachment:
publickey - hartley_george@proton.me - 0xAEE8E00F.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ tor-relays mailing list tor-relays@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays