grarpamp:
On Wed, Jul 2, 2014 at 7:46 AM, Kali Tor kalitor42@yahoo.com wrote:
I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
The private keys for the node are sensitive, and even the .tor/state file for the guard nodes could be if the attacker does not already have that info, same for any non default node selection stuff in torrc. Tor presumably validates the disk consensus files against its static keys on startup so that's probably ok yet all easily under .tor anyway.
Some says that it's better to leave the disk unencrypted because in case of seizure by the police, they can easily attest that the system was only running Tor and nothing else.
Some disagrees and says that we should always encrypt to make tampering and (extra-)legal backdoor installation more difficult.
I believe the best strategy has never been really determined so far.