[tor-relays] Running tor in VPS - keep away snooping eyes

Lunar lunar at torproject.org
Thu Jul 3 08:02:06 UTC 2014

> On Wed, Jul 2, 2014 at 7:46 AM, Kali Tor <kalitor42 at yahoo.com> wrote:
> > I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
> The private keys for the node are sensitive, and even the
> .tor/state file for the guard nodes could be if the attacker
> does not already have that info, same for any non default
> node selection stuff in torrc. Tor presumably validates
> the disk consensus files against its static keys on startup
> so that's probably ok yet all easily under .tor anyway.

Some says that it's better to leave the disk unencrypted because in case
of seizure by the police, they can easily attest that the system was
only running Tor and nothing else.

Some disagrees and says that we should always encrypt to make tampering
and (extra-)legal backdoor installation more difficult.

I believe the best strategy has never been really determined so far.

Lunar                                             <lunar at torproject.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140703/d4028505/attachment.sig>

More information about the tor-relays mailing list