On Saturday, 5 October 2024 00:40 George Hartley via tor-relays wrote:
You should default to full disk / partition encryption.
Apart from that, FDE is _not_ recommended, especially for Tor exits. What is the point of a 24/7/365 running cloud or KVM server that the admins can copy at any time? If you want to secure a cloud or KVM Tor server, you can use offline ed25519 identity keys.
On Friday, October 4th, 2024 at 11:51 PM, Osservatorio Nessuno via tor-relays tor-relays@lists.torproject.org wrote:
While we could, I would think it is not a great security practice to migrate keys that were on an old, non-updated provider cluster when building a new node elsewhere. That would double the risk of someone else having the secret keys (old provider, new provider instead of just the new provider).
You are absolutely right. I didn't even think about it because I almost only have dedicated servers. You will soon have it even better with the Rack @home. :-) When you have everything ready, I would be happy to see server/rack pictures and which CPUs you are using.
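
The offline ed25519 identity key setup mentioned in the reply above can be audited on the relay host. This is an added example, not part of the original message: it assumes Tor's standard key file names under `<DataDirectory>/keys` and the torrc option `OfflineMasterKey`; the function name `audit_offline_master_key` is hypothetical.

```python
from pathlib import Path

# Added example. Assumes Tor's standard key file names in <DataDirectory>/keys.
# With an offline identity key, the master secret stays off the relay host and
# only the medium-term signing key and its certificate are copied over.
MASTER_SECRET = ("ed25519_master_id_secret_key",
                 "ed25519_master_id_secret_key_encrypted")
NEEDED_ONLINE = ("ed25519_signing_secret_key", "ed25519_signing_cert")


def audit_offline_master_key(torrc_text, data_dir):
    """Return a list of findings; an empty list means the host holds
    only the signing key material, not the identity (master) secret."""
    findings = []

    # torrc keywords are case-insensitive; '#' starts a comment.
    opts = {}
    for line in torrc_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    if opts.get("offlinemasterkey") != "1":
        findings.append("torrc: OfflineMasterKey is not set to 1")

    keys = Path(data_dir) / "keys"
    # Anyone who can copy the disk image would get this file too.
    for name in MASTER_SECRET:
        if (keys / name).exists():
            findings.append(f"{name} is present on the relay host")
    for name in NEEDED_ONLINE:
        if not (keys / name).exists():
            findings.append(f"{name} is missing from the relay host")

    # Secret material should not be readable by group or others.
    for path in sorted(keys.glob("*secret*")):
        if path.stat().st_mode & 0o077:
            findings.append(f"{path.name} has permissions wider than 0600")
    return findings


if __name__ == "__main__":
    import sys
    # Usage: script.py /etc/tor/torrc /var/lib/tor  (paths are examples)
    for finding in audit_offline_master_key(Path(sys.argv[1]).read_text(), sys.argv[2]):
        print("FINDING:", finding)
```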