[tor-talk] Securing servers

tor at lists.grepular.com tor at lists.grepular.com
Tue Oct 11 19:04:08 UTC 2011


On 11/10/11 19:34, Jeroen Massar wrote:

>> I've been doing this myself for a while now. I wrote/released some
>> software to do it. It's described here:
>> 
>> https://grepular.com/Automatically_Encrypting_all_Incoming_Email
>> 
>> And here:
>> 
>> https://grepular.com/Automatically_Encrypting_all_Incoming_Email_Part_2
> 
> Yes, that is an awesome method for very cheaply keeping your emails safe
> from prying eyes. (though unless one has an external server polling the
> mail and saving it again, it is not applicable to gmail, especially as
> one does not know how much data gmail and other such services retain as
> they don't guarantee deletion).
> 
> The big advantage is also that there is no keying material that can
> cause the mails to be read, unlike most 'crypto filesystems' which tend
> to keep the crypto keys in memory for both reading and writing to the
> filesystem, thus if somebody is able to hack a process that can write
> (your incoming mailer) they can generally also read those files.

That is true yes, my private PGP key doesn't go anywhere near the server
which hosts my email.

Regarding your comments on keys being stored in RAM on crypto
filesystems, I have a working solution for that too. My Ubuntu laptop
uses full disk encryption, but the key is shifted from RAM into the
debug registers of the CPU as soon as it starts booting, and all crypto
operations are performed directly on the CPU without the key being
transferred back into RAM, using the CPU's AES-NI instructions. This
prevents the key being exposed during cold boot attacks. To achieve
this, I patched my kernel using something called TRESOR. For more info
see:
https://grepular.com/Protecting_a_Laptop_from_Simple_and_Sophisticated_Attacks
- If you compile a new kernel without LKM support then it's not even
possible for root to access the key.

I would do this on my mail server too, but it's a virtual machine which
this technique doesn't work on.

> The only missing component in the above puzzle is then to mirror new
> mails asap to a set of other hosts to act as a backup, just forwarding
> them to the other boxes with a rewrite can solve that though.

I do exactly that. After encryption, a second copy of every email is
forwarded to a different machine, over a VPN using SMTP, which also has
encrypted incremental backups using duplicity/gpg.

Another possibility would be to have a mail server as a hidden service,
and then just set up the Internet facing server to immediately forward
all incoming email to the hidden server via Tor.

-- 
Mike Cardwell https://grepular.com/  https://twitter.com/mickeyc
Professional  http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu   0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20111011/13a30045/attachment.pgp>


More information about the tor-talk mailing list