[tor-dev] RFC: Ephemeral Hidden Services via the Control Port

Nathan Freitas nathan at freitas.net
Sat Feb 14 03:01:23 UTC 2015


On Fri, Feb 13, 2015, at 07:45 PM, Yawning Angel wrote:
> Yes, this means that if you run "kittensomgmewmew.onion" and are scared
> of the NSA's persistent attempts to extract your hidden service key,
> via ultrasonic laser beamed from their satellites, you could run your
> tor instance entirely in a ram disk, and load the HS key manually each
> time from a USB token you wear around your neck.

A very practical use of this in the Orbot context is that we can now
store all HS identity data in an IOCipher encrypted volume, which the
user can unlock with a strong passphrase when they want to start up
their onionsites. Currently, all HS data is stored in the standard Tor
data paths, only protected by the per-app user permissions on Android.
This means the data can be accessed by rootkit-capable malware apps and
forensic extraction tools. IOCipher would make that a great deal
harder, and impossible if they were in a locked state (i.e. the key
is not in memory).

We are working on adding OnionShare capabilities to Orbot, so this is
well timed!

+n
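
The flow discussed in this message, as an added example that is not part of the original e-mail or of Orbot's code: a key read from unlocked encrypted storage is handed to tor with the ADD_ONION control command, so it is held only in tor's memory. The function names, the sample key body and the already authenticated control socket are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of a tor v2 "private_key" file (not a real key).
SAMPLE_PEM = """-----BEGIN RSA PRIVATE KEY-----
QUJD
REVG
-----END RSA PRIVATE KEY-----
"""

def pem_to_keyblob(pem):
    """Drop the PEM armor and newlines; ADD_ONION takes the bare base64 body."""
    lines = (l.strip() for l in pem.splitlines())
    blob = "".join(l for l in lines if l and not l.startswith("-----"))
    if not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", blob):
        raise ValueError("key material is not base64")
    return blob

def build_add_onion(blob, virt_port, target, key_type="RSA1024"):
    """RSA1024 was the key type when this thread was written; v3 uses ED25519-V3."""
    if key_type not in ("RSA1024", "ED25519-V3"):
        raise ValueError("unsupported key type")
    if not 0 < virt_port < 65536:
        raise ValueError("virtual port out of range")
    # Reject spaces and CR/LF so a target string cannot smuggle in a second command.
    if not re.fullmatch(r"[0-9A-Za-z.:\[\]]+", target):
        raise ValueError("unexpected characters in target")
    return f"ADD_ONION {key_type}:{blob} Port={virt_port},{target}\r\n"

def read_reply(rfile):
    """Collect one reply; its last line has a space after the status code."""
    items = []
    while True:
        line = rfile.readline().decode("ascii").rstrip("\r\n")
        if len(line) < 4:
            raise ConnectionError("control connection closed mid-reply")
        if not line.startswith("250"):
            raise RuntimeError("tor refused the request: " + line)
        items.append(line[4:])
        if line[3] == " ":
            return items

def publish_onion(sock, pem, virt_port, target):
    """sock: an already authenticated control connection (assumption).
    Returns the ServiceID; the key is never written to tor's data directory."""
    rfile = sock.makefile("rb")
    cmd = build_add_onion(pem_to_keyblob(pem), virt_port, target)
    sock.sendall(cmd.encode("ascii"))
    for item in read_reply(rfile):
        if item.startswith("ServiceID="):
            return item.split("=", 1)[1]
    raise RuntimeError("reply carried no ServiceID")
```

A service added this way lasts only as long as tor keeps running, so the caller repeats the call after each unlock of the encrypted volume.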