[tor-dev] Tor HS keys password protection against impersonation attacks?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sat Mar 17 09:52:59 UTC 2012

thinking about Tor Hidden services, they are managed by using Hidden
Services client keys.

The Tor HS keys are "private keys" that may require to be protected
because they represent also the "identity" of the Tor HS and if stolen,
it would be possible to carry on impersonation attack on connecting to
Tor HS.
Accepting connections on behalf of the real TorHS, with the goal to
steal passwords, provide fake data to clients, exploit them, etc.

The Tor HS keys are even more sensible than the X509v3, as it does provide:
- identity (similar to an internet domain name)
- routing (similar to an internet IP address)
- encryption (they provide e2e encryption, i don't know if there are
attacks on crypto if they get stolen)

So owning a Tor HS key it's like owning a user domain name, acquiring
it's ip address and the x509v3 private key of his digital certificate
bound to his domain name.

As a protection schema it would be possible to create the Tor HS private
key encrypted with a passphrase, like it's possible to do for x509v3 PEM

That the passphrase to unlock the Tor HS key, could be provided via Tor
Control Port, so an external process (UI, scripts) could manage the
setup of the passphrase.

That way even in case of seizure of the server running the Tor HS
it would not be possible to who seized the Tor HS Server to do actively
Impersonation attacks of the Tor HS.


More information about the tor-dev mailing list