Create a SAFE TOR Hidden Service in a VM (Re: Please Help Me Test my Hidden Service Pt. 2)

Ted Smith teddks at gmail.com
Thu Feb 25 20:27:56 UTC 2010


On Thu, 2010-02-25 at 13:41 -0500, 7v5w7go9ub0o wrote:
> On 02/24/10 23:16, Ted Smith wrote:
> > On Wed, 2010-02-24 at 11:56 -0500, 7v5w7go9ub0o wrote:
> []
> >> Perhaps mention the benefits of TPM chips (on 'ix, they can be
> >> configured to benefit the user, not some record company)?
> >>
> > Yup. Check out Trusted Grub if you're blessed with the appropriate
> > hardware.
> []
> >> - FWIW, I run a quick MD5 hash check on the boot partition as part
> >> of my boot up. Quick and easy; again, IDS, not IPS.
> >>
> > Do you read the source for your shell script before every boot? The
> > attacker could just replace your hash check with a no-op and print
> > "Everything is fine", and you wouldn't be any wiser.
> >
> 
> That's right - unless, I suppose, you could store it somewhere in the
> TPM chip, and have TPM oversee the hashing. But as you mention, Trusted
> Grub is the more elegant solution. (Wish I could get a TPM chip for my
> Asus P6T :-( )
> 
> FWIW, I run this check after boot up, and after Loop-AES OTFE is active
> and makes the encrypted hash available (sigh...Intrusion detection, not
> Intrusion prevention)

Oh, in that case it seems like it would be secure - the intruder can't
change the encrypted hash, and if you verify that the hash is correct
before starting networking, they can't get your password either.

This is getting a bit long for an OT thread, so I think we should cut it
off here.
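
The check discussed in this thread, sketched as an added example that is not part of the original messages or either poster's actual script: it hashes every file under the boot partition and compares the result with a manifest kept on the encrypted volume, to be run after that volume is mounted and before networking starts. SHA-256 is used in place of the MD5 mentioned above, and the paths, function names and `init`/`check` arguments are assumptions.

```shell
#!/bin/sh
# Added example: boot-partition integrity check (detection, not prevention).
# The reference manifest lives on the encrypted volume, so it can only be
# read or rewritten once that volume has been unlocked.

# make_manifest DIR: print "hash  ./relative/path" for every regular file
# under DIR, in a stable order so two runs can be compared as plain text.
make_manifest() {
    ( cd "$1" && find . -type f -print | LC_ALL=C sort |
        while IFS= read -r f; do sha256sum "$f"; done )
}

# verify_boot DIR MANIFEST
#   returns 0 if DIR matches MANIFEST exactly,
#           1 if any file was modified, added or removed,
#           2 if the manifest or the directory cannot be read.
verify_boot() {
    [ -r "$2" ] || { echo "manifest not readable: $2" >&2; return 2; }
    current=$(make_manifest "$1") || return 2
    if [ "$current" = "$(cat "$2")" ]; then
        return 0
    fi
    # Show which entries differ from the reference ("<" = expected, ">" = found).
    printf '%s\n' "$current" | diff "$2" - >&2 || true
    return 1
}

# Hypothetical boot-time wiring; both paths are assumptions:
#   sh bootcheck.sh init  /boot /mnt/crypt/boot.sha256   (after a trusted update)
#   sh bootcheck.sh check /boot /mnt/crypt/boot.sha256   (before networking)
case "${1:-}" in
    init)
        make_manifest "$2" > "$3"
        ;;
    check)
        if verify_boot "$2" "$3"; then
            echo "boot partition matches manifest"
        else
            echo "BOOT PARTITION CHANGED: leaving networking down" >&2
            exit 1
        fi
        ;;
esac
```

Because the comparison is over the whole sorted manifest, a file added to the boot partition is reported as well as a modified or deleted one.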