[tor-dev] Tor HS keys password protection against impersonation attacks?

Jeroen Massar jeroen at unfix.org
Sat Mar 17 10:02:01 UTC 2012


On 2012-03-17 10:52 , Fabio Pietrosanti (naif) wrote:
[..]
> That way even in case of seizure of the server running the Tor HS
> it would not be possible to who seized the Tor HS Server to do actively
> Impersonation attacks of the Tor HS.

If you want to protect these files, use proper full disk crypto, that
will solve all your data issues up to that level, eg somebody taking the
disk and trying to attack it from that perspective. Do note that not all
FDEs are actually truly secure... and it all depends on what one is
protecting against.

If one can get access to a running installation so that they can
retrieve/access the file you store your keys in you have lost more than
just your identity, they can then also subvert the machine by changing
binaries on the system, inserting code into running processes etc etc or
just monitoring the thing, likely with the data that goes inside the tunnel.


Another way to solve this is to do SSL/TLS/SSH inside the Tor connection
and use that for authentication of client and server, which is probably
the best thing you can do to protect your data, as the legs between your
client and the Tor instance and the remote HS Tor instance and the app
are not 'protected' by the layer that Tor provides oh and those legs are
perfectly inspectable with tcpdump.

Greets,
 Jeroen


More information about the tor-dev mailing list