Re: Tor exit nodes

To: Thorsten Glaser <[email protected]>
Subject: Re: Tor exit nodes
From: Theodore Ts'o <[email protected]>
Date: Tue, 17 Oct 2017 23:07:01 -0400
Authentication-results: mail1.trendhosting.net; dkim=fail reason="verification failed; unprotected key" header.d=thunk.org [email protected] header.b=gwhIW/Om; dkim-adsp=none (unprotected policy); dkim-atps=neutral
Cc: [email protected]
Delivered-to: [email protected]
Delivered-to: [email protected]
Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=thunk.org; s=ef5046eb; h=In-Reply-To:Content-Transfer-Encoding:Content-Type: MIME-Version:References:Message-ID:Subject:Cc:To:From:Date:Sender:Reply-To: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=G6b4mEQtaCHe4nYoR5C26xvKYOniZJmBzet5ezFMOs8=; b=gwhIW/OmFFTDqmBQrrW+CjxqIP pg4dNWvVXjKhPvTwGvdZ0jp05a4548nfS+jqJS3A2GoHn61fhsQeRqd3+ILjJWCq/vVeXZGZQU9JZ ihZikrI6KqoeL49v2dGy9PwKE33oZddxuXunTgmv++kOCQWYgQk/qDNSxk4yL3BJFsvg=;
In-reply-to: <[email protected]>
List-archive: <file://master.debian.org:~debian/archive/debian-private/>
List-help: <mailto:[email protected]?subject=help>
List-id: <debian-private.lists.debian.org>
List-post: <mailto:[email protected]>
List-url: <https://lists.debian.org/debian-private/>
Old-return-path: <[email protected]>
References: <[email protected]> <[email protected]> <[email protected]> <1869053.8afOm8C7Gj@xev> <[email protected]> <[email protected]> <[email protected]> <[email protected]> <[email protected]>
Resent-date: Wed, 18 Oct 2017 03:07:32 +0000 (UTC)
Resent-from: [email protected]
Resent-message-id: <3JKNFLQ4STD.A.SoG.0Vs5ZB@bendel>
Resent-sender: [email protected]
User-agent: NeoMutt/20170609 (1.8.3)

On Tue, Oct 17, 2017 at 11:27:49PM +0000, Thorsten Glaser wrote:
> Florian Weimer dixit:
> 
> >On the other hand, one of the most attractive aspects of these devices
> >for the majority of users is that the private key cannot leave the
> >device
> 
> True, but that’s of no use if the key is predictable.

I've always wanted a backup of my keys in case the Yubikey gets
destroyed, so I've always generated my key using an off-line computer,
where I've carefully made sure the entropy pool has been well seeded.

The keys are generated onto a ramdisk, and then copied into a Yubikey,
and a secure USB key which has an external keypad where you enter a
7-15 digit numeric code in order to activate it.  There are many
products available, but I'm personally fond of the Aegis Secure
Key[1], since it is weather-sealed against Dust and Water and
internally the electronics are encased in Epoxy to protect against
physical access to the flash chip.  Since it's very robust, and
relatively small, I can keep it with me at all times.

[1] https://www.apricorn.com/aegis-secure-key-2

						- Ted

References:
- Dmitry Bogatov arrested in Moscow
  - From: Dmitry Shachnev <[email protected]>
- Re: Tor exit nodes
  - From: Holger Levsen <[email protected]>
- Re: Tor exit nodes
  - From: Lars Wirzenius <[email protected]>
- Re: Tor exit nodes
  - From: Russell Coker <[email protected]>
- Re: Tor exit nodes
  - From: Thorsten Glaser <[email protected]>
- Re: Tor exit nodes
  - From: Matt Taggart <[email protected]>
- Re: Tor exit nodes
  - From: Thorsten Glaser <[email protected]>
- Re: Tor exit nodes
  - From: Florian Weimer <[email protected]>
- Re: Tor exit nodes
  - From: Thorsten Glaser <[email protected]>

Prev by Date: Re: Tor exit nodes
Next by Date: Re: Tor exit nodes
Previous by thread: Re: Tor exit nodes
Next by thread: Re: Tor exit nodes
Index(es):
- Date
- Thread