[tor-relays] cryptsetup some folders

teor teor2345 at gmail.com
Tue Oct 25 10:19:01 UTC 2016


> On 25 Oct. 2016, at 21:16, Toralf Förster <toralf.foerster at gmx.de> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> On 10/25/2016 12:03 PM, Duncan Guthrie wrote:
>> 
>> Having it encrypted also makes remote management an absolute pain.
> It depends - an encrypted ext4fs just needs to be decrypted after boot, as I tried in [1].
> 
> And the use case is to prevent the private key of the tor exit relay from being accessed by somebody having physical access to the hard disk.

... while the machine is unpowered.

If the machine is powered, physical access likely gives them
physical access to the contents of memory as well.
(Not just cold boot-style attacks, but DMA hardware as well.)

Tim

> 
> 
> [1] https://github.com/toralf/torutils/blob/master/unlock_tor.sh
> 
> - -- 
> Toralf
> PGP: C4EACDDE 0076E94E, OTR: 420E74C8 30246EE7
> -----BEGIN PGP SIGNATURE-----
> 
> iHYEAREIAB4FAlgPMQsXHHRvcmFsZi5mb2Vyc3RlckBnbXguZGUACgkQxOrN3gB2
> 6U46ZwD+O8iItKweJ9xC90enAgEA28Q0jqBw4wN5LMtMKz0o+XEBAIdP9oe7KKBh
> AX5Qf4PQ2wUKB49Ut0Il2nBKOyA0C3bs
> =4jom
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

T

-- 
Tim Wilson-Brown (teor)

teor2345 at gmail dot com
PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B
ricochet:ekmygaiu4rzgsk6n
xmpp: teor at torproject dot org