[tor-talk] Revoking a hidden service key
Adrien Johnson
adrienj at adrienj.com
Tue Mar 3 18:50:04 UTC 2015
Putting a passphrase on the master secret key (in the current system)
would protect from theft if the hidden service is offline. But if the
service is online, the master secret key needs to be stored decrypted in
memory so the hidden service can sign and publish its updated
descriptors. If the hidden service is compromised while running,
attackers would just steal the decrypted key from memory and not bother
with the encrypted one in the filesystem. So unfortunately an RSA
passphrase does not provide as much extra security as we would like.
-Adrien
On 2015-03-03 12:45 PM, grarpamp wrote:
> The keys are RSA, we need to be able to put an optional passphrase
> on them (for startup as in httpd) as a simple first (and zero cost/design
> to network) measure to eliminate their value to thieves. This has not been
> done. There have been threads and tickets on this whole key management
> topic.
More information about the tor-talk
mailing list