[tor-dev] Tor HS keys password protection against impersonation attacks?
jacob at appelbaum.net
Sun Mar 18 02:34:03 UTC 2012
On 03/17/2012 02:52 AM, Fabio Pietrosanti (naif) wrote:
> thinking about Tor Hidden services, they are managed by using Hidden
> Services client keys.
> The Tor HS keys are "private keys" that may require to be protected
> because they represent also the "identity" of the Tor HS and if stolen,
> it would be possible to carry on impersonation attack on connecting to
> Tor HS.
> Accepting connections on behalf of the real TorHS, with the goal to
> steal passwords, provide fake data to clients, exploit them, etc.
> The Tor HS keys are even more sensible than the X509v3, as it does provide:
> - identity (similar to an internet domain name)
> - routing (similar to an internet IP address)
> - encryption (they provide e2e encryption, i don't know if there are
> attacks on crypto if they get stolen)
> So owning a Tor HS key it's like owning a user domain name, acquiring
> it's ip address and the x509v3 private key of his digital certificate
> bound to his domain name.
> As a protection schema it would be possible to create the Tor HS private
> key encrypted with a passphrase, like it's possible to do for x509v3 PEM
> That the passphrase to unlock the Tor HS key, could be provided via Tor
> Control Port, so an external process (UI, scripts) could manage the
> setup of the passphrase.
> That way even in case of seizure of the server running the Tor HS
> it would not be possible to who seized the Tor HS Server to do actively
> Impersonation attacks of the Tor HS.
I think that's a great idea but also a UI nightmare; for servers, I
think arm would need to support entering the key and for desktops, I
think Vidalia is the obvious target. It would probably be good to have
the key decryption tied together with something like scrypt to make
it really expensive to bruteforce.
All the best,
More information about the tor-dev