On Tue, Feb 27, 2018 at 12:09:36PM -0500, Otheontelth wrote:
Why would it be important to encrypt the storage of your tor server? For me this looks like it only complicates things if law enforcement wants to take a look at your server and the cloud provider should be able to break the encryption relative easy or can simply take a memory dump
I think there's a good argument for not using disk encryption for your relay, especially for your exit relay.
The reasoning is that if some law enforcement group shows up to steal your computer, everything will go more smoothly if it's easy for them to conclude that there's no useful evidence on the disk.
In that scenario, an encrypted disk means a much longer wait before they move on from thinking you're the bad person.
(I'd say "a much longer wait before they give your hardware back", but while that's probably true too, it's hard to imagine a scenario where they steal your computer for a while, and then give it back, and you still want to trust it for running a relay or doing anything else interesting.)
Capturing the on-disk keys from a relay will let them impersonate the relay in the future, but it shouldn't help them with decrypting past circuits or with deanonymizing what people did in the past: https://www.torproject.org/docs/faq#KeyManagement
For those developer types wanting to help out here, check out this ticket: https://trac.torproject.org/13705 "Allow relays to promise in their descriptor that their IP address won't change" which would make it so people who steal the keys for large stable guards can't just put them back online somewhere else and have clients resume connecting to them.
For other context, see also the "what if a bad guy runs a Tor exit relay to provide plausible deniability" paragraph in https://blog.torproject.org/trip-report-tor-trainings-dutch-and-belgian-poli... Apparently the link from my blog post, to https://trac.torproject.org/projects/tor/wiki/doc/TorExitGuidelines no longer has any mention pro or con disk encryption. I wonder if that was intentionally removed by the torservers.net folks (maybe they have even changed their mind on the advice?), or if it just fell out because it's a wiki.
--Roger