On 2012-03-18 13:57 , Fabio Pietrosanti (naif) wrote: > On 3/18/12 1:09 PM, Jeroen Massar wrote: >> >> >> On 18 Mar 2012, at 12:46, "Fabio Pietrosanti (naif)" <li...@infosecurity.ch> >> wrote: >> >>> - Security issue >>> >>> Looking at the server seizure threat scenario, who seize the computer >>> running TorHS will be able to know the identity of the TorHS itself by >>> looking at the "hostname" file >> >> Why not simply use Full Disk Encryption or similar to protect all the data >> files, hat avoids a compromise for any file on the system, heck if hey turn >> the box off they can't even see there is Tor on it at all. also heavily note >> that the actual content served is likely much more valuable and you will >> want to protect that too. > > Yes, but any application that store "sensitive data" like keys should > provide an integrated way to protect such sensitive data. > > Think about the "keychain" of PGP, or keychain of Firefox for digital > certificate, etc, etc >
> All major applications that need to handle "keys" support a built-in > feature to provide different degree of protection for such "keys". And you want to add another one that has to be separately managed? :) As I mentioned btw, the Tor keys are not that valuable, the content that sits behind it is though. And if you are doing it right you are actually sending TLS/SSL/SSH through the tunnel instead of clear text. > So the idea is to "aggregate" the TorHS related "sensitive information" > and apply a protection schema with a "keychain" providing some security > feature. Which is perfectly done by simply crypting the partition/disk the data is stored on, which additionally will resolve quite a few other attacks too. And the attack vectors that are left open with these is much better understood too. Note that if you just use non-encrypted storage there is a big chance that the 'old' file is still present on the file system which can give away quite a few details already. Greets, Jeroen _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
