[tor-dev] TorHS related files re-organization ?
jeroen at unfix.org
Sun Mar 18 13:40:30 UTC 2012
On 2012-03-18 13:57 , Fabio Pietrosanti (naif) wrote:
> On 3/18/12 1:09 PM, Jeroen Massar wrote:
>> On 18 Mar 2012, at 12:46, "Fabio Pietrosanti (naif)" <lists at infosecurity.ch> wrote:
>>> - Security issue
>>> Looking at the server seizure threat scenario, who seize the computer
>>> running TorHS will be able to know the identity of the TorHS itself by
>>> looking at the "hostname" file
>> Why not simply use Full Disk Encryption or similar to protect all the data files, hat avoids a compromise for any file on the system, heck if hey turn the box off they can't even see there is Tor on it at all. also heavily note that the actual content served is likely much more valuable and you will want to protect that too.
> Yes, but any application that store "sensitive data" like keys should
> provide an integrated way to protect such sensitive data.
> Think about the "keychain" of PGP, or keychain of Firefox for digital
> certificate, etc, etc
> All major applications that need to handle "keys" support a built-in
> feature to provide different degree of protection for such "keys".
And you want to add another one that has to be separately managed? :)
As I mentioned btw, the Tor keys are not that valuable, the content that
sits behind it is though. And if you are doing it right you are actually
sending TLS/SSL/SSH through the tunnel instead of clear text.
> So the idea is to "aggregate" the TorHS related "sensitive information"
> and apply a protection schema with a "keychain" providing some security
Which is perfectly done by simply crypting the partition/disk the data
is stored on, which additionally will resolve quite a few other attacks
too. And the attack vectors that are left open with these is much better
Note that if you just use non-encrypted storage there is a big chance
that the 'old' file is still present on the file system which can give
away quite a few details already.
More information about the tor-dev