Create a SAFE TOR Hidden Service in a VM (Re: Please Help Me Test my Hidden Service Pt. 2)

7v5w7go9ub0o 7v5w7go9ub0o at
Thu Feb 25 18:41:42 UTC 2010

On 02/24/10 23:16, Ted Smith wrote:
> On Wed, 2010-02-24 at 11:56 -0500, 7v5w7go9ub0o wrote:
>> Perhaps mention the benefits of TPM chips (on 'ix, they can be
>> configured to benefit the user, not some record company)?
> Yup. Check out Trusted Grub if you're blessed with the appropriate
> hardware.
>> - FWIW, I run a quick MD5 hash check on the boot partition as part
>> of my boot up. Quick and easy; again, IDS, not IPS.
> Do you read the source for your shell script before every boot? The
> attacker could just replace your hash check with a no-op and print
> "Everything is fine", and you wouldn't be any wiser.

That's right - unless, I suppose, you could store it somewhere in the
TPM chip, and have TPM oversee the hashing. But as you mention, Trusted
Grub is the more elegant solution. (Wish I could get a TPM chip for my
Asus P6T :-( )

FWIW, I run this check after boot up, and after Loop-AES OTFE is active
and makes the encrypted hash available (sigh... intrusion detection, not
intrusion prevention).
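
The post-boot check discussed in this message, as an added example that is not part of the original post or the poster's own script: the boot partition is hashed file by file and compared with a baseline manifest kept on the encrypted volume, so the check reports modified, added and removed files. It uses SHA-256 in place of the MD5 mentioned in the thread; the paths `/boot` and `/mnt/encrypted/boot.sha256` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: detect changes to the boot partition after boot.
# Assumption: the baseline (and ideally this script) live on the encrypted
# volume, so they are only readable once the OTFE layer is unlocked.
BOOT_DIR="${BOOT_DIR:-/boot}"                       # assumed mount point
BASELINE="${BASELINE:-/mnt/encrypted/boot.sha256}"  # hypothetical path

# Print a "hash  ./relative/path" line for every regular file under $1,
# sorted by path so two runs over identical content compare equal.
boot_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 )
}

# Record a new baseline; run this only from a state you trust.
boot_baseline() {
    boot_manifest "$1" > "$2"
}

# Compare the current state of $1 with the baseline in $2.
# Returns 0 if identical, 1 if any file was modified, added or removed,
# 2 if the boot directory or the baseline cannot be read.
boot_verify() {
    [ -d "$1" ] && [ -r "$2" ] || {
        echo "boot dir or baseline not readable" >&2
        return 2
    }
    if changes=$(boot_manifest "$1" | diff "$2" -); then
        return 0
    fi
    # Show which manifest lines differ: baseline side, then current side.
    printf '%s\n' "$changes" |
        sed -n 's/^< /baseline: /p; s/^> /current:  /p' >&2
    return 1
}

# Command-line use: "script baseline" or "script verify".
case "${1:-}" in
    baseline) boot_baseline "$BOOT_DIR" "$BASELINE" ;;
    verify)   boot_verify "$BOOT_DIR" "$BASELINE" ||
                  echo "BOOT CHECK FAILED" >&2 ;;
esac
```

As the thread notes, this detects tampering after the fact and is only as trustworthy as the copy of the script that runs; measured boot with a TPM (Trusted Grub) addresses that gap.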


More information about the tor-talk mailing list