[tor-relays] Running tor in VPS - keep away snooping eyes
kalitor42 at yahoo.com
Thu Jul 3 10:40:15 UTC 2014
> On Thursday, July 3, 2014 9:11 AM, Mike Cardwell <tor at lists.grepular.com> wrote:
> > * on the Thu, Jul 03, 2014 at 10:02:06AM +0200, Lunar wrote:
>>>> I have done all that, so covered on that aspect. Was wondering if
> disk encryption and use of something like TRESOR would be useful?
>>> The private keys for the node are sensitive, and even the
>>> .tor/state file for the guard nodes could be if the attacker
>>> does not already have that info, same for any non default
>>> node selection stuff in torrc. Tor presumably validates
>>> the disk consensus files against its static keys on startup
>>> so that's probably ok yet all easily under .tor anyway.
>> Some says that it's better to leave the disk unencrypted because in
>> of seizure by the police, they can easily attest that the system was
>> only running Tor and nothing else.
> Even if it's encrypted, you can easily attest the exact same thing by
> handing over your password... If you choose to do so.
>> Some disagrees and says that we should always encrypt to make tampering
>> and (extra-)legal backdoor installation more difficult.
>> I believe the best strategy has never been really determined so far.
> I know of only two benefits to not encrypting.
> 1.) On some systems, for some workloads, you might have some level of
> improved performance. For a Tor node, I doubt there is any
> noticable difference.
> 2.) You can reboot without having to enter a password.
> Encryption gives you choice. The choice to hand over your password/key
> or not. As far as I'm concerned, "the best strategy" *has* been
> determined and it's to encrypt...
Thanks for the discussion on this.
If disk encryption is indeed the way to go, how many of the node operators do actually encrypt the disk? Has there been any performance issues? I ask specifically because I run in a VPS where resources are limited (compared to a proper machine).
More information about the tor-relays