On 2011-10-11 15:39 , Moritz Bartl wrote: > Hi Jeroen, > > I find this is an interesting discussion, although it feels very much > off topic. Is there another list to discuss this?
No idea about the proper venue. I am sure that if it becomes to annoying one Tor Project member or another will kick the persons involved and nicely ask to move along somewhere else. > On 11.10.2011 14:33, Jeroen Massar wrote: >>> If the box is at a place under your control, you will at least know. >>> Replugging can be noticed (packet drops, changes in voltage) and the >>> system can be shut down/wiped. >> Google for Vampire Taps. You won't notice a thing unless you have very >> very sensitive voltage etc measurements happening. > > How are you going to Vampire Tap a simple Wiimote built inside the > server, or other devices of that kind? Or lock the server to the > building (and detect movement of the lock). As I stated, if you have sensitive measurements then you can detect this. What you then do upon this detection is a different thing. >> Like everything else (eg how many locks you have on your house), it all >> depends completely who your adversary is and how much protection you >> require against it. > > It makes a lot of difference if you *know* about access to sensitive > data or not. I have not stated to disagree with that did I? :) As a side-step: The server being (software) hacked is IMHO way more probable then somebody getting physical access to it. Thus having a disposable key that allows reading of data that is stored also means that if that process is hacked that they have full access to the key, no sensor protects. Back to the original message: The prime point at the start of the thread was that it is completely unsafe to use a service like gmail for storing email. IMHO one can 'safely' use those kind of service up to a certain level given that you either don't use it for communications you don't care that they are leaked or if you do care about that that people sending email to it use PGP so that only sender/receiver is disclosed when they do get access to that store. (assuming adversary is unable to crack your PGP crypto of course ;) > That's also the difference of a data center run by friends > who will let you know with a certain probability, and some corporate DC > where you will most likely never find out that something is bugged. That is more a trust issue. If someone has access to it, you better know it before they can do anything with it. Also "Corporate" datacenters have the tendency of allowing stuff to be lost in the noise ;) Greets, Jeroen _______________________________________________ tor-talk mailing list [email protected] https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
