[HOME] [DOWNLOAD] [DOCS] [BLOG] [SUPPORT] [TIPS] [ISSUES] [Priority Support]

Tor hidden service private key leaks into Whonix-Workstation in the age of Tor ControlProtocol (ephermal) based hidden services


#1

onionshare, ricochet and unMessage will make it a lot easier to use Tor hidden services once Whonix 14 is out. No more torrc edits required. Easier backups of hidden service private keys. The disadvantage of ricochet and unMessage however is, that the hidden service key ends up in Whonix-Workstation. Otherwise the same onion address could not be restored on subsequent use.

This was better in “the age of TorChat” where the Tor hidden service private key never reached Whonix-Workstation and stayed only on Whonix-Gateway.

I wonder if we could suggest a feature to The Tor Project, where the to be restored hidden service private key gets only referenced by its domain name that is stored on the workstation while the real hidden service key stays stored in /var/lib/tor on Whonix-Gateway. This however would making backups of these keys harder - one would not just have to backup its application user data folder on the workstation but also the Tor hidden service keys on the gateway.

If this is worth it depends on how much damage an attacker inside a compromised workstation can do when having access to the Tor hidden service private key vs not having access to it. Obviously the ability to steal the identity vs not having that ability. But does it open up to other anonymity related attacks?


#2

Exfiltrating the private key gives them the ability to impersonate the user and eavesdrop on the conversation even outside the window of compromise of the workstation.

With the old version of the HS protocol, they can censor communication by arranging malicious HS authority servers beforehand. Knowing the HS address makes targeted deanonymization attacks easier to do since they know a certain onion name to run confirmation attacks for with compromised guards.

Keeping with our design goal we should always opt for the WS knowing less as possible. Safe defaults should always be a priority.

Backing up the key is really a one time thing and not worth leaving users exposed over.