[tor-bugs] #29677 [Internal Services/Tor Sysadmin Team]: evaluate password management options
Tor Bug Tracker & Wiki
blackhole at torproject.org
Tue May 5 19:38:12 UTC 2020
#29677: evaluate password management options
-------------------------------------------------+-------------------------
Reporter: anarcat | Owner: tpa
Type: task | Status:
| assigned
Priority: Low | Milestone:
Component: Internal Services/Tor Sysadmin Team | Version:
Severity: Major | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
-------------------------------------------------+-------------------------
Comment (by sysrqb):
Replying to [comment:10 anarcat]:
> i'm running with the assertion that a password manager solves both the
storage and sharing aspects of the password management problem. sharing
and storing are, generally, tangled together in any case: when you send an
email, for example, it gets stored in a queue. there are mechanisms to
store passwords without sharing them (e.g. secure enclaves) but those can
have dubious properties (e.g. being exploitable, like Intel's).
This was my thought, as well.
>
> but it is true it might be useful to consider hardware tokens for
signing things, in the case of software releases and, indeed, that is how
Debian is deploying secureboot right now. the advantage is that even in a
compromise, the private key cannot (in theory) be stolen, so you have a
limit to what an attacker can do.
>
> is this part of your threat model?
Yes, (almost) all of our keys are stored in hardware tokens. We have
separate signing infrastructure where these are attached to machines.
However, I'd like a way for sharing the passphrases that allow signing.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/29677#comment:11>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list