Putting a passphrase on the master secret key (in the current system)
would protect from theft if the hidden service is offline. But if the
service is online, the master secret key needs to be stored decrypted in
memory so the hidden service can sign and publish its updated
descriptors. If the hidden service is compromised while running,
attackers would just steal the decrypted key from memory and not bother
with the encrypted one in the filesystem. So unfortunately an RSA
passphrase does not provide as much extra security as we would like.
-Adrien
On 2015-03-03 12:45 PM, grarpamp wrote:
The keys are RSA, we need to be able to put an optional passphrase
on them (for startup as in httpd) as a simple first (and zero cost/design
to network) measure to eliminate their value to thieves. This has not been
done. There have been threads and tickets on this whole key management
topic.
--
tor-talk mailing list - [email protected]
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
