[tor-dev] TorHS related files re-organization ?

Fabio Pietrosanti (naif) lists at infosecurity.ch
Sun Mar 18 11:46:10 UTC 2012


While thinking about TorHS key protection, it would also be nice to
think about "re-organizing" the way the TorHS describe store its data.

One example issue I see is that currently the hostname of a TorHS
is written to a text file.

This provides two major drawbacks:
- Application integration

Any application willing to integrate with Tor and ship Tor together with
the application (GlobaLeaks, TorChat, etc.) must do a file I/O operation
to know the hostname.
If the hostname could be known via the Tor ControlPort, the applications
integrating Tor would have a much cleaner and more dynamic way to know
their local TorHS hostname.

- Security issue

Looking at the server seizure threat scenario, whoever seizes the computer
running the TorHS will be able to know the identity of the TorHS itself by
looking at the "hostname" file.

In the context of using a password to protect the TorHS key, the
hostname information (currently in the "hostname" file) would also
need to be protected.
So in such a context it would eventually be useful to think about changing
the structure of the HiddenServiceDir files, by merging together the
"hostname" file and the TorHS key.


Even better, it would be cool to have an abstracted "data storage" for
this kind of information, so that it would be possible to keep it file
based, SQL based, remotely hosted over a web service, etc.

Having something like:

HiddenServiceStorage file://etc/tor/hiddenservice
HiddenServiceStorage dbm://etc/tor/hiddenservice.db
HiddenServiceStorage http://username@password:myremotekeyhostingservice/givemykeys?${{TorServerID}}

While for the protection schema it may have a file protection schema like:
HiddenServiceEncryptionMethod pgp, scrypt, plain, exec://usr/bin/customscript


-naif
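
The point about protecting the "hostname" file together with the key can be seen from how RSA-based hidden service names of that period are formed: base32 of the first 80 bits of the SHA-1 of the DER-encoded public key, so a store that holds only the protected key loses nothing by dropping the plaintext hostname. The Python below is an added example, not part of the original message or of Tor's code; the function names are hypothetical and the toy key is constructed for the demonstration.

```python
import base64
import hashlib

def der_len(n):
    # DER length: short form below 128, long form otherwise
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def der_int(v):
    # Minimal non-negative INTEGER; the extra leading byte keeps it positive
    raw = v.to_bytes(v.bit_length() // 8 + 1, "big")
    return b"\x02" + der_len(len(raw)) + raw

def der_seq(items):
    body = b"".join(items)
    return b"\x30" + der_len(len(body)) + body

def read_tlv(buf, pos):
    # Return (tag, value, next_pos) for the DER element starting at pos
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def public_der_from_private(pem):
    # PKCS#1 RSAPrivateKey = SEQUENCE { version, n, e, d, p, q, ... }
    b64 = "".join(l for l in pem.splitlines() if l and not l.startswith("-----"))
    tag, seq, _ = read_tlv(base64.b64decode(b64), 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    ints, pos = [], 0
    while len(ints) < 3:
        tag, val, pos = read_tlv(seq, pos)
        if tag != 0x02:
            raise ValueError("expected INTEGER")
        ints.append(int.from_bytes(val, "big"))
    # PKCS#1 RSAPublicKey = SEQUENCE { n, e }
    return der_seq([der_int(ints[1]), der_int(ints[2])])

def onion_from_public_der(der):
    # First 80 bits of SHA-1 over the public key, base32, lower case
    return base64.b32encode(hashlib.sha1(der).digest()[:10]).decode().lower() + ".onion"

def toy_private_pem():
    # Constructed toy key (p=61, q=53); real keys of this type are 1024-bit RSA
    fields = [0, 3233, 17, 2753, 61, 53, 53, 49, 38]
    b64 = base64.b64encode(der_seq([der_int(v) for v in fields])).decode()
    return "-----BEGIN RSA PRIVATE KEY-----\n%s\n-----END RSA PRIVATE KEY-----\n" % b64

if __name__ == "__main__":
    print(onion_from_public_der(public_der_from_private(toy_private_pem())))
```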

