[tor-relays] Running tor in VPS - keep away snooping eyes

Mike Cardwell tor at lists.grepular.com
Thu Jul 3 08:53:57 UTC 2014

* on the Thu, Jul 03, 2014 at 10:02:06AM +0200, Lunar wrote:

>>> I have done all that, so covered on that aspect. Was wondering if disk encryption and use of something like TRESOR would be useful?
>> The private keys for the node are sensitive, and even the
>> .tor/state file for the guard nodes could be if the attacker
>> does not already have that info, same for any non default
>> node selection stuff in torrc. Tor presumably validates
>> the disk consensus files against its static keys on startup
>> so that's probably ok yet all easily under .tor anyway.
> Some says that it's better to leave the disk unencrypted because in case
> of seizure by the police, they can easily attest that the system was
> only running Tor and nothing else.

Even if it's encrypted, you can easily attest the exact same thing by
handing over your password... If you choose to do so.
> Some disagrees and says that we should always encrypt to make tampering
> and (extra-)legal backdoor installation more difficult.
> I believe the best strategy has never been really determined so far.

I know of only two benefits to not encrypting.

1.) On some systems, for some workloads, you might have some level of
    improved performance. For a Tor node, I doubt there is any
    noticable difference.

2.) You can reboot without having to enter a password.

Encryption gives you choice. The choice to hand over your password/key
or not. As far as I'm concerned, "the best strategy" *has* been
determined and it's to encrypt...

Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 598 bytes
Desc: Digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20140703/7ffe6095/attachment.sig>

More information about the tor-relays mailing list