[tor-relays] Key files encryption methods.

tor at t-3.net tor at t-3.net
Thu Aug 22 00:51:42 UTC 2013 

 I have something to add to this.

I'm a new relay operator, but not new to server hosting in general. 
People should be aware that some providers of vservers run their 
internal operations by using a large-capacity storage box for the disk 
storage, and separate hardware hosts which run the 
cpu/memory/operationals of the vservers. The disk storage is accessed 
by a private network and would tend to be reached by the servers 
through a manageable switch. At least on Linux platform, the protocol 
I have seen the hosts talk to the disk box with is NFS. The core of 
NFS is unencrypted.

In a server farm environment where one is keeping the traffic all on a 
private switch like that on private IP space, the operator would not 
tend to tunnel those host NFS connections over SSH. An operator is 
looking for speed and throughput in that environment, and SSH 
tunneling would decrease both. It is assumed that passing the traffic 
through the private switch isn't a meaningful security concern.

What that means to tor server operators is that if you're using a 
vserver where the internals are set up this way, the unencrypted 
contents of your disk are likely being exposed to a managed switch. 
That switch could potentially be used to examine or redirect traffic. 
This is a real concern, not a theoretical one.

Security procedures on the key handling should take into account this 
sort of situation, where it may exist.

(In my case I get to choose which way I want the vserver - and with 
that, I'll be taking my new tor server offline for a little while for 
a re-implementation :/ ).



On Wednesday 21/08/2013 at 7:24 am, Moritz Bartl  wrote:
> On 21.08.2013 11:56, Tony Xue wrote:
>>
>> Is that those key files are only loaded when the Tor start and reload?
>> So could it be possible to decrypt the file before the start-up and
>> encrypt them again after the Tor start-up process is complete?
>
> The files are required only on startup of the relay, so you can keep
> them stored wherever (offsite, in an encrypted container, ...), and
> remove them from the live system after you start Tor.
>
> https://trac.torproject.org/projects/tor/wiki/doc/OperationalSecurity
>
> --
> Moritz Bartl
> https://www.torservers.net/
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130821/fca441d6/attachment.html>

More information about the tor-relays mailing list