Delivery-Date: Tue, 03 Mar 2015 13:50:12 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	T_RP_MATCHES_RCVD,URIBL_BLOCKED autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id E32831E0A92
	for <archiver@seul.org>; Tue,  3 Mar 2015 13:50:10 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 934E833EEF;
	Tue,  3 Mar 2015 18:50:08 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 1F82333EE7
 for <tor-talk@lists.torproject.org>; Tue,  3 Mar 2015 18:50:05 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id R4QdgofbsbBv for <tor-talk@lists.torproject.org>;
 Tue,  3 Mar 2015 18:50:05 +0000 (UTC)
Received: from imap2-3.ox.privateemail.com (imap2-3.ox.privateemail.com
 [192.64.116.208])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "privateemail.com",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 0263033EE3
 for <tor-talk@lists.torproject.org>; Tue,  3 Mar 2015 18:50:04 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by mail.privateemail.com (Postfix) with ESMTP id 2CBCA8C0085
 for <tor-talk@lists.torproject.org>; Tue,  3 Mar 2015 13:50:02 -0500 (EST)
X-Virus-Scanned: Debian amavisd-new at imap2.ox.privateemail.com
Received: from mail.privateemail.com ([127.0.0.1])
 by localhost (imap2.ox.privateemail.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id v-HDSdhn9osQ for <tor-talk@lists.torproject.org>;
 Tue,  3 Mar 2015 13:50:02 -0500 (EST)
Received: from [192.168.42.162] (135-23-87-110.cpe.pppoe.ca [135.23.87.110])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by mail.privateemail.com (Postfix) with ESMTPSA id DE02F8C0075
 for <tor-talk@lists.torproject.org>; Tue,  3 Mar 2015 13:50:01 -0500 (EST)
Message-ID: <54F6025C.9040801@adrienj.com>
Date: Tue, 03 Mar 2015 13:50:04 -0500
From: Adrien Johnson <adrienj@adrienj.com>
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64;
 rv:31.0) Gecko/20100101 Thunderbird/31.5.0
MIME-Version: 1.0
To: tor-talk@lists.torproject.org
References: <54F506C7.6020202@adrienj.com>
 <CALoT2zYkwUEguD-bN+hsePTK8a+G=HRWju6s3yGtiQA5+G5Waw@mail.gmail.com>
 <54F51F38.30902@adrienj.com>
 <CAKrUFkh4fd9tkssVXiUs0g_X5vRYH2FBA4Te0nJGRtyM2Qy0dw@mail.gmail.com>
 <54F524EE.3050400@adrienj.com> <54F58AAD.5010000@donncha.is>
 <54F5B9DC.9010101@adrienj.com>
 <CAGH6_ppvP-1B8F_7w2QN95x4Dy8j0rjwhbbeYB1tUCk4GNzVGw@mail.gmail.com>
 <54F5DA0C.3090403@adrienj.com>
 <CAGH6_pr7gVxRRdGqaDhJdSL3yMhN4w6ZHfFnjJFWDubuWZjiig@mail.gmail.com>
 <54F5E683.5060507@adrienj.com>
 <CAD2Ti2_CqnqV1mGuBt1xXzzDkVptSkB=d63ogzDJSBc16s520A@mail.gmail.com>
In-Reply-To: <CAD2Ti2_CqnqV1mGuBt1xXzzDkVptSkB=d63ogzDJSBc16s520A@mail.gmail.com>
Subject: Re: [tor-talk] Revoking a hidden service key
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Putting a passphrase on the master secret key (in the current system) 
would protect from theft if the hidden service is offline. But if the 
service is online, the master secret key needs to be stored decrypted in 
memory so the hidden service can sign and publish its updated 
descriptors. If the hidden service is compromised while running, 
attackers would just steal the decrypted key from memory and not bother 
with the encrypted one  in the filesystem. So unfortunately an RSA 
passphrase does not provide as much extra security as we would like.

-Adrien

On 2015-03-03 12:45 PM, grarpamp wrote:
> The keys are RSA, we need to be able to put an optional passphrase
> on them (for startup as in httpd) as a simple first (and zero cost/design
> to network) measure to eliminate their value to thieves. This has not been
> done. There have been threads and tickets on this whole key management
> topic.

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

