[tor-relays] doc/HARDENING Draft

tor at zengers.de tor at zengers.de
Tue Nov 25 22:57:28 UTC 2014


Hi,

On Tue, Nov 25, 2014 at 08:58:04PM +0100, tor-admin at torland.me wrote:
> Don't store identity keys on the hard disk. Keep them offline. Use a ramdisk 
> for /var/lib/tor/keys/ and copy keys to it via scp before starting your tor 
> instance. Remove it from the ramdisk after startup. So the keys cannot be 
> easily taken during unexpected downtimes.
>
That's a nice idea. But keep in mind that your ramdisk could be offloaded
to swap. So make sure your swap is encrypted too.
Also your keys could still be stolen while the server is running.

-- 
regards
 alex
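
Added example, not part of the original message: a check for the swap concern raised above, reporting whether the keys directory is RAM-backed and whether its pages could reach unencrypted swap. It assumes Linux `/proc/mounts` and `/proc/swaps` formats and that dm-crypt mappings carry a device-mapper UUID starting with `CRYPT-`; the function names and the sample data are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: can pages of the relay keys directory reach plaintext swap?

# Filesystem type of the mount containing DIR (longest matching mount point).
fs_type_for() {   # $1 = dir, $2 = /proc/mounts-format file
    awk -v d="$1" '
        $2 == "/" || d == $2 || index(d, $2 "/") == 1 {
            if (length($2) >= best) { best = length($2); t = $3 } }
        END { print t }' "$2"
}

# Succeed if DEV is a dm-crypt mapping: cryptsetup gives such mappings a
# device-mapper UUID starting with "CRYPT-" (<sysfs>/block/dm-N/dm/uuid).
is_dm_crypt() {   # $1 = device path, $2 = sysfs root
    local node
    node=$(basename "$(readlink -f "$1")")
    grep -q '^CRYPT-' "$2/block/$node/dm/uuid" 2>/dev/null
}

# Prints disk:<fstype> | ram-noswap | swap-encrypted | swap-plaintext:<dev>
audit_keys_dir() {
    local dir=$1 mounts=${2:-/proc/mounts} swaps=${3:-/proc/swaps} sysfs=${4:-/sys}
    local fs dev devs
    fs=$(fs_type_for "$dir" "$mounts")
    case $fs in
        ramfs) echo ram-noswap; return ;;     # ramfs pages are never swapped
        tmpfs) ;;                             # tmpfs pages can be swapped out
        *)     echo "disk:$fs"; return ;;     # keys sit on persistent storage
    esac
    devs=$(awk 'NR > 1 { print $1 }' "$swaps")    # skip the header line
    [ -z "$devs" ] && { echo ram-noswap; return; }
    for dev in $devs; do
        # Conservative: swap files and non-dm devices count as plaintext.
        is_dm_crypt "$dev" "$sysfs" || { echo "swap-plaintext:$dev"; return; }
    done
    echo swap-encrypted
}

# Constructed sample (not from a real host): tmpfs keys dir, one swap device
# whose device-mapper UUID is $2.
make_sample() {   # $1 = scratch dir, $2 = UUID to place in the fake sysfs
    mkdir -p "$1/sys/block/dm-0/dm" && : > "$1/dm-0"
    echo "$2" > "$1/sys/block/dm-0/dm/uuid"
    printf '%s\n' '/dev/sda1 / ext4 rw 0 0' \
        'tmpfs /var/lib/tor/keys tmpfs rw,mode=700 0 0' > "$1/mounts"
    printf 'Filename Type Size Used Priority\n%s partition 1048572 0 -2\n' \
        "$1/dm-0" > "$1/swaps"
}
```

On a live relay, `audit_keys_dir /var/lib/tor/keys` reads the real `/proc` and `/sys` by default.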

