[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] Revoking a hidden service key



Putting a passphrase on the master secret key (in the current system) would protect from theft if the hidden service is offline. But if the service is online, the master secret key needs to be stored decrypted in memory so the hidden service can sign and publish its updated descriptors. If the hidden service is compromised while running, attackers would just steal the decrypted key from memory and not bother with the encrypted one in the filesystem. So unfortunately an RSA passphrase does not provide as much extra security as we would like.

-Adrien

On 2015-03-03 12:45 PM, grarpamp wrote:
The keys are RSA, we need to be able to put an optional passphrase
on them (for startup as in httpd) as a simple first (and zero cost/design
to network) measure to eliminate their value to thieves. This has not been
done. There have been threads and tickets on this whole key management
topic.

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk