[tor-dev] RFC: Ephemeral Hidden Services via the Control Port
Nathan Freitas
nathan at freitas.net
Sat Feb 14 03:01:23 UTC 2015
On Fri, Feb 13, 2015, at 07:45 PM, Yawning Angel wrote:
> Yes, this means that if you run "kittensomgmewmew.onion" and are scared
> of the NSA's persistent attempts to extract your hidden service key,
> via ultrasonic laser beamed from their satellites, you could run your
> tor instance entirely in a ram disk, and load the HS key manually each
> time from a USB token you wear around your neck.
A very practical use of this in the Orbot context, is that we can now
store all HS identity data in an IOCipher encrypted volume, which the
user can unlock with a strong passphrase when they want to start up
their onionsites. Currently, all HS data is stored in the standard Tor
data paths, only protected by the per-app user permissions on Android.
This means the data can be accessed by rootkit capable malware apps and
forensic extraction tools. With IOCipher, that would make that a great
deal harder, and impossible if they were in a locked state (i.e. the key
is not in memory).
We are working on adding OnionShare-capabilities to Orbot, so this is
well timed!
+n
More information about the tor-dev
mailing list