On 25 Oct. 2016, at 21:16, Toralf Förster toralf.foerster@gmx.de wrote:
On 10/25/2016 12:03 PM, Duncan Guthrie wrote:
Having it encrypted also makes remote management an absolute pain.
It depends - an encrypted ext4fs just needs to be decrypted after boot, as I tried in [1].
And the use case is to avoid that the private key of the tor exit relay can be accessed by somebody having physical access to the hard disk.
... while the machine is unpowered.
If the machine is powered, physical access likely gives them physical access to the contents of memory as well. (Not just cold boot-style attacks, but DMA hardware as well.)
Tim
[1] https://github.com/toralf/torutils/blob/master/unlock_tor.sh
Toralf PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
T