On Fri, Feb 13, 2015, at 07:45 PM, Yawning Angel wrote: > Yes, this means that if you run "kittensomgmewmew.onion" and are scared > of the NSA's persistent attempts to extract your hidden service key, > via ultrasonic laser beamed from their satellites, you could run your > tor instance entirely in a ram disk, and load the HS key manually each > time from a USB token you wear around your neck.
A very practical use of this in the Orbot context, is that we can now store all HS identity data in an IOCipher encrypted volume, which the user can unlock with a strong passphrase when they want to start up their onionsites. Currently, all HS data is stored in the standard Tor data paths, only protected by the per-app user permissions on Android. This means the data can be accessed by rootkit capable malware apps and forensic extraction tools. With IOCipher, that would make that a great deal harder, and impossible if they were in a locked state (i.e. the key is not in memory). We are working on adding OnionShare-capabilities to Orbot, so this is well timed! +n _______________________________________________ tor-dev mailing list tor-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev
