[tor-talk] Securing servers

Jeroen Massar jeroen at unfix.org
Tue Oct 11 18:00:39 UTC 2011


On 2011-10-11 15:39 , Moritz Bartl wrote:
> Hi Jeroen,
> 
> I find this is an interesting discussion, although it feels very much
> off topic. Is there another list to discuss this?

No idea about the proper venue. I am sure that if it becomes too annoying
one Tor Project member or another will kick the persons involved and
nicely ask to move along somewhere else.

> On 11.10.2011 14:33, Jeroen Massar wrote:
>>> If the box is at a place under your control, you will at least know.
>>> Replugging can be noticed (packet drops, changes in voltage) and the
>>> system can be shut down/wiped.
>> Google for Vampire Taps. You won't notice a thing unless you have very
>> very sensitive voltage etc measurements happening.
> 
> How are you going to Vampire Tap a simple Wiimote built inside the
> server, or other devices of that kind? Or lock the server to the
> building (and detect movement of the lock).

As I stated, if you have sensitive measurements then you can detect
this. What you then do upon this detection is a different thing.

>> Like everything else (eg how many locks you have on your house), it all
>> depends completely who your adversary is and how much protection you
>> require against it. 
> 
> It makes a lot of difference if you *know* about access to sensitive
> data or not.

I have not stated that I disagree with that, did I? :)


As a side-step: The server being (software) hacked is IMHO way more
probable than somebody getting physical access to it. Thus having a
disposable key that allows reading of data that is stored also means
that if that process is hacked that they have full access to the key, no
sensor protects.



Back to the original message: The prime point at the start of the thread
was that it is completely unsafe to use a service like gmail for storing
email.

IMHO one can 'safely' use those kinds of services up to a certain level
given that you either don't use it for communications you don't care
that they are leaked or if you do care about that that people sending
email to it use PGP so that only sender/receiver is disclosed when they
do get access to that store. (assuming adversary is unable to crack your
PGP crypto of course ;)

> That's also the difference of a data center run by friends
> who will let you know with a certain probability, and some corporate DC
> where you will most likely never find out that something is bugged.

That is more a trust issue. If someone has access to it, you better know
it before they can do anything with it. Also "Corporate" datacenters
have the tendency of allowing stuff to be lost in the noise ;)

Greets,
 Jeroen

