Re: [tor-relays] issues with a fresh new tor server

On 8/21/16, Toralf Förster toralf.foerster@gmx.de wrote:

I'm pretty convinced that this is an easy method to ensure an attacker even with physical access to a server (eg. while changing a defect hard disk) can't achieve the secret key.

rm the key/salt doesn't wipe the underlying data. Wipe the files or the non swap backed fs, or use a pipe. Some tools and allocators might wipe ram regarding core dump. But still, turn off dumps. Considering... - Adversary can always run a node at their cost - Almost all nodes are linux attack surface, not diverse - You keep copy of node key to help show revocation. - You may not discover you're rooted ... don't lose sleep over it. Happy relaying.