* on the Thu, Jul 03, 2014 at 10:02:06AM +0200, Lunar wrote:
I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
The private keys for the node are sensitive, and even the .tor/state file for the guard nodes could be if the attacker does not already have that info, same for any non default node selection stuff in torrc. Tor presumably validates the disk consensus files against its static keys on startup so that's probably ok yet all easily under .tor anyway.
Some says that it's better to leave the disk unencrypted because in case of seizure by the police, they can easily attest that the system was only running Tor and nothing else.
Even if it's encrypted, you can easily attest the exact same thing by handing over your password... If you choose to do so.
Some disagrees and says that we should always encrypt to make tampering and (extra-)legal backdoor installation more difficult.
I believe the best strategy has never been really determined so far.
I know of only two benefits to not encrypting.
1.) On some systems, for some workloads, you might have some level of improved performance. For a Tor node, I doubt there is any noticable difference.
2.) You can reboot without having to enter a password.
Encryption gives you choice. The choice to hand over your password/key or not. As far as I'm concerned, "the best strategy" *has* been determined and it's to encrypt...