Is there a clear threat model justifying use of disk encryption here? The decryption keys sit in system memory so an adversary with physical access will surely win. I just don't see the point.
Also I do not have a sense for how big the data directory can get... so I'm not actually trying here to be helpful in the way you requested.
Cheers, David
On Mon, May 29, 2017 at 08:07:53PM +0200, Cristian Consonni wrote:
On 15/05/2017 12:21, aeris wrote:
Private key are under encrypted volume and may be protected
On 21/05/2017 10:02, Roger Dingledine wrote:
On Sun, May 21, 2017 at 09:12:39AM +0200, Petrusko wrote:
@aeris, do they ask you to uncrypt the volume ? (good luck to you...) What can be the best ? Uncrypt the relay to help police when asking, when this relay is only a relay and storing nothing else ?
That's actually why the torservers.net people suggest *not* using disk encryption. Having no barriers makes it much easier for the police to realize that there's nothing useful to them. See also point two of
https://blog.torproject.org/blog/trip-report-tor-trainings-dutch-and-belgian...
From the Tor Exit Guidelines: «Disk encryption might be useful to protect your node keys, but on the other hand unencrypted machines are easier to "audit" if required. We feel it's best to be able to easily show that you do Tor exiting, and nothing else (on that IP or server).» https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines
I was wondering if the argument about not encrypting the disk applies just to the full-disk encryption or if it is applicable also to the caso of encrypting just the DataDir on a fairly small file-based volume (say 100MB).
In the second case, how big can the DataDir get?
Cristian _______________________________________________ tor-relays mailing list tor-relays@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays