[tor-relays] Decommissioning a FallbackDir node (punki)
George Hartley
hartley_george at proton.me
Fri Oct 4 22:40:53 UTC 2024
No problem.
You should default to full disk / partition encryption.
The ArchLinux Wiki has (as usual) a great article on this:
https://wiki.archlinux.org/title/Dm-crypt/Device_encryption#Encrypting_devices_with_cryptsetup
Also make sure to not use the standard hash library (SHA256) but SHA512 instead, and also use argon2id as PBKDF as it's slower and thus harder to brute-force your boot password.
This way your new provider will not be able to obtain your new keys.
Also, even if the old provider did indeed dump your HDD a while ago, the first / "real" relay to boot up with one descriptor / secret_key gets favored; the other / "fake" one, I believe I read a while back, will not be allowed onto the network, but take this with a grain of salt.
-GH
On Friday, October 4th, 2024 at 11:51 PM, Osservatorio Nessuno via tor-relays <tor-relays at lists.torproject.org> wrote:
> Hi,
> thanks both for your input.
>
>
> On 03/10/2024 21:24, boldsuck via tor-relays wrote:
>
> > But:
> > FallbackDir can also move to another provider/host. Simply copy the Tor keys
> > of the instance to the new host. I've done that several times.
>
>
> While we could, I would think it is not a great security practice
> to migrate keys that were on an old, non-updated provider cluster when
> building a new node elsewhere. That would double the risk of someone
> else having the secret keys (old provider, new provider instead of just
> the new provider).
>
> Giulio
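One way to confirm that a LUKS2 volume really ended up with the argon2id and SHA512 settings recommended in the message above, as an added example that is not part of the original thread: the function parses `cryptsetup luksDump` output and lists every keyslot or digest that deviates. The function name, the sample dumps and the `/dev/sdXN` path are constructed for illustration.

```bash
# Added example: audit LUKS2 `cryptsetup luksDump` text read from stdin.
# Exit 0 only if every keyslot uses argon2id and every reported hash is sha512.
#   cryptsetup luksFormat --type luks2 --hash sha512 --pbkdf argon2id /dev/sdXN
#   cryptsetup luksDump /dev/sdXN | audit_luks_dump    # /dev/sdXN: placeholder
audit_luks_dump() {
  awk '
    /^Keyslots:/ { section = "keyslots"; next }
    /^Digests:/  { section = "digests";  next }
    /^[A-Za-z]/  { section = "" }   # any other top-level heading ends a section
    # "  0: luks2" or "  0: pbkdf2" starts a numbered entry; remember its id
    section != "" && /^[ \t]+[0-9]+: / { id = $1; sub(":", "", id); next }
    section == "keyslots" && $1 == "PBKDF:" {
      slots++
      if ($2 != "argon2id") { printf "keyslot %s: PBKDF is %s\n", id, $2; bad++ }
    }
    section == "keyslots" && $1 == "AF" && $2 == "hash:" && $3 != "sha512" {
      printf "keyslot %s: AF hash is %s\n", id, $3; bad++
    }
    section == "digests" && $1 == "Hash:" && $2 != "sha512" {
      printf "digest %s: hash is %s\n", id, $2; bad++
    }
    END { if (!slots) { print "no LUKS2 keyslots found"; exit 2 }; exit (bad > 0) }'
}
# Constructed, abridged luksDump excerpts (not from a real device).
sample_hardened() { cat <<'EOF'
Keyslots:
  0: luks2
        PBKDF:      argon2id
        AF hash:    sha512
Digests:
  0: pbkdf2
        Hash:       sha512
EOF
}
sample_weak() { cat <<'EOF'
Keyslots:
  0: luks2
        PBKDF:      argon2id
        AF hash:    sha256
  1: luks2
        PBKDF:      pbkdf2
        AF hash:    sha256
Digests:
  0: pbkdf2
        Hash:       sha256
EOF
}
```

Every keyslot is checked because a second passphrase added later with a weaker PBKDF unlocks the same volume key.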