[tor-relays] Kitten1 and kitten2 compromised (guard/hs/fallback directory)

nusenu nusenu-lists at riseup.net
Thu May 18 19:59:00 UTC 2017


>> I don't know any context or background but if you fear this could happen
>> to you again, I recommend to use tor's OfflineMasterKey feature (without
>> copying the master key to the server) with a short keylifetime (i.e. 7
>> days), especially if it is a fallback dir
>> (which requires a tor source code change to remove it).
> 
> Thanks for this feature, I don't know it !

If you want to use it you likely want to automate that especially with a
keylifetime of < 30days
because copying around files manually every week is no fun.
ansible-relayor does that out of the box for you ;)
https://github.com/nusenu/ansible-relayor

>> Could you also confirm the relay fingerprints (in addition to the
>> nicknames)?
> 
> kitten1 86E78DD3720C78DA8673182EF96C54B162CD660C
> kitten2 2EBD117806EE43C3CC885A8F1E4DC60F207E7D3E

thanks for the fingerprints.

Did you shutdown kitten3/4 (yoda.imirhil.fr)
3F5D8A879C58961BB45A3D26AC41B543B40236D6
6FB38EB22E57EF7ED5EF00238F6A48E553735D88

yourself? (last seen Monday 2017-05-15 11:00) or did Online SAS cancel
this second VPS after the first one got seized?

thanks,
nusenu

-- 
https://mastodon.social/@nusenu
https://twitter.com/nusenu_

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20170518/f0197d1f/attachment.sig>


More information about the tor-relays mailing list