On 03/17/2012 02:52 AM, Fabio Pietrosanti (naif) wrote: > Hi, > thinking about Tor Hidden services, they are managed by using Hidden > Services client keys. > > The Tor HS keys are "private keys" that may require to be protected > because they represent also the "identity" of the Tor HS and if stolen, > it would be possible to carry on impersonation attack on connecting to > Tor HS. > Accepting connections on behalf of the real TorHS, with the goal to > steal passwords, provide fake data to clients, exploit them, etc. > > > The Tor HS keys are even more sensible than the X509v3, as it does provide: > - identity (similar to an internet domain name) > - routing (similar to an internet IP address) > - encryption (they provide e2e encryption, i don't know if there are > attacks on crypto if they get stolen) > > So owning a Tor HS key it's like owning a user domain name, acquiring > it's ip address and the x509v3 private key of his digital certificate > bound to his domain name. > > > As a protection schema it would be possible to create the Tor HS private > key encrypted with a passphrase, like it's possible to do for x509v3 PEM > certificates. > > That the passphrase to unlock the Tor HS key, could be provided via Tor > Control Port, so an external process (UI, scripts) could manage the > setup of the passphrase. > > That way even in case of seizure of the server running the Tor HS > it would not be possible to who seized the Tor HS Server to do actively > Impersonation attacks of the Tor HS.
I think that's a great idea but also a UI nightmare; for servers, I think arm would need to support entering the key and for desktops, I think Vidalia is the obvious target. It would probably be good to have the key decryption tied together with something like scrypt[0] to make it really expensive to bruteforce. All the best, Jacob [0] http://www.tarsnap.com/scrypt.html _______________________________________________ tor-dev mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
