[tor-relays] Running tor in VPS - keep away snooping eyes

s7r s7r at sky-ip.org
Thu Jul 3 11:10:34 UTC 2014

On 7/3/2014 1:40 PM, Kali Tor wrote:
>> On Thursday, July 3, 2014 9:11 AM, Mike Cardwell
>> <tor at lists.grepular.com> wrote:
>>> * on the Thu, Jul 03, 2014 at 10:02:06AM +0200, Lunar wrote:
>>>>> I have done all that, so covered on that aspect. Was
>>>>> wondering if disk encryption and use of something like TRESOR
>>>>> would be useful?
>>>> The private keys for the node are sensitive, and even the 
>>>> .tor/state file for the guard nodes could be if the attacker 
>>>> does not already have that info, same for any non default 
>>>> node selection stuff in torrc. Tor presumably validates the
>>>> disk consensus files against its static keys on startup so
>>>> that's probably ok yet all easily under .tor anyway.
>>> Some say that it's better to leave the disk unencrypted
>>> because in case of seizure by the police, they can easily
>>> attest that the system was only running Tor and nothing else.
>> Even if it's encrypted, you can easily attest the exact same
>> thing by handing over your password... If you choose to do so.
>>> Some disagree and say that we should always encrypt to make
>>> tampering and (extra-)legal backdoor installation more
>>> difficult.
>>> I believe the best strategy has never been really determined so
>>> far.
>> I know of only two benefits to not encrypting.
>> 1.) On some systems, for some workloads, you might have some
>> level of improved performance. For a Tor node, I doubt there is
>> any noticeable difference.
>> 2.) You can reboot without having to enter a password.
>> Encryption gives you choice. The choice to hand over your
>> password/key or not. As far as I'm concerned, "the best strategy"
>> *has* been determined and it's to encrypt...
> Thanks for the discussion on this.
> If disk encryption is indeed the way to go, how many of the node
> operators do actually encrypt the disk? Has there been any
> performance issues? I ask specifically because I run in a VPS where
> resources are limited (compared to a proper machine).
> - kali-

Depends, what configuration will that virtual machine have?
You shouldn't notice too big of a difference; full disk encryption is
not a resource killer on any configuration.

-- 
PGP Fingerprint: 7C36 9232 5ABD FB0B 3021 03F1 837F A52C 8126 5B11