Hi,
so you were right the databases were corrupt, but they shouldn't have been
there in the first place. :-)
I didn't want to include large files in the git repo (~120mb in total), so
there is a generation script in the tools directory (now added).
I added some instructions on the readme file t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hello Razvan,
What you try to achieve is possible. It can be done, but requires code
to be written. If you are really interested in this feature you can
either sponsor someone to write the code for it or code it yourself.
The 1024 bit RSA pr
> On 17 Oct 2015, at 17:26, Li Xiaodong wrote:
>
> Hello, I can't use Google Search Engine Service through Tor proxy. Google
> asked me to enter a Verification Code. After I entered the Verification
> Code, Google asked me to enter a new Verification Code. Could you please
> communicate this pr
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
str4d wrote:
> Vasilios Mavroudis wrote:
>> Hello,
>
>> I would like to introduce our project "Crux", which enables the
>> computation of privacy preserving statistics on sensitive data.
>> The project was developed at University College London (UC
Razvan Dragomirescu:
> Ivan, according to https://www.torproject.org/docs/hidden-services.html.en
> (maybe I misunderstood it), at Step 4, the client sends an _encrypted_
> packet to the hidden service, so the hidden service needs to be able to
> decrypt that packet. So the key on the card needs to
Exactly, you ask the smartcard to decrypt your traffic (and sign data if
needed), it never tells you the key, it's a blackbox - it gets plaintext
input and gives you encrypted (or signed) output, without ever revealing
the key it's used. It can also generate the key internally (actually a
keypair,
Ivan, according to https://www.torproject.org/docs/hidden-services.html.en
(maybe I misunderstood it), at Step 4, the client sends an _encrypted_
packet to the hidden service, so the hidden service needs to be able to
decrypt that packet. So the key on the card needs to be used both for
signing the
Ken Keys:
>> > The point is that one can't[*] extract a private key from a smartcard
>> > and because of that even if the machine is compromised your private key
>> > stays safe.
> If the machine is going to use the HS key, the actual HS key has to be
> visible to it.
Nope. If the machine is going to
On 10/17/2015 12:27 PM, Ivan Markin wrote:
> Ken Keys:
>> If the tor process is going to use the key, at some point the
>> unencrypted key has to be visible to the machine running it. You would
>> in any case have to trust the machine hosting the tor node. A more
>> secure setup would be to run the
Ken Keys:
> If the tor process is going to use the key, at some point the
> unencrypted key has to be visible to the machine running it. You would
> in any case have to trust the machine hosting the tor node. A more
> secure setup would be to run the tor node inside an encrypted VM and use
> your s
If the tor process is going to use the key, at some point the
unencrypted key has to be visible to the machine running it. You would
in any case have to trust the machine hosting the tor node. A more
secure setup would be to run the tor node inside an encrypted VM and use
your smartcard/dongle/what
Razvan Dragomirescu:
> Thank you Ivan, I've taken a look but as far as I understand your project
> only signs the HiddenService descriptors from an OpenPGP card. It still
> requires each backend instance to have its own copy of the key (where it
> can be read by an attacker). My goal is to have the
Tamper resistance. And the fact that an attacker with access to the machine
running Tor can read your encrypted thumb drive (you need to decrypt it at
some point to load the key into the Tor process since the encrypted
thumbdrive doesn't run crypto algos internally). A smartcard is a small
embedded
What is the advantage of a smart card over a standard encrypted thumb drive?
On 10/17/2015 11:19 AM, Razvan Dragomirescu wrote:
> Thank you Ivan, I've taken a look but as far as I understand your
> project only signs the HiddenService descriptors from an OpenPGP card.
> It still requires each back
Thank you Ivan, I've taken a look but as far as I understand your project
only signs the HiddenService descriptors from an OpenPGP card. It still
requires each backend instance to have its own copy of the key (where it
can be read by an attacker). My goal is to have the HS private key
exclusively i
Thank you grarpamp, but that's not what I'm trying to prevent/achieve. I
simply want to host the private key for a hidden service inside a secure
element (a smartcard) to ensure that only the hardware that has direct
access to my smartcard can publish the descriptors for the service and
decrypt inc
16 matches