[tor-relays] issues with a fresh new tor server

Sun Aug 21 17:20:10 UTC 2016

On 8/21/16, Toralf Förster <toralf.foerster at gmx.de> wrote:
> I'm pretty convinced that this is an easy method to ensure an attacker
> even with physical access to a server (eg. while changing a defect
> hard disk) can't achieve the secret key.

rm the key/salt doesn't wipe the underlying data.
Wipe the files or the non swap backed fs, or use a pipe.
Some tools and allocators might wipe ram regarding core dump.
But still, turn off dumps. Considering...
- Adversary can always run a node at their cost
- Almost all nodes are linux attack surface, not diverse
- You keep copy of node key to help show revocation.
- You may not discover you're rooted
... don't lose sleep over it. Happy relaying.