s7r:
And if the private key is on a smartcard, and the smartcard is plugged into the host all the time, what's the gain? I am not saying there isn't any, I just don't see it at this moment. One I can think of is that malware and/or someone hacking can't copy the private key and hijack the hidden service, but the risk remains in case someone physically seizes the server ("host").
Not necessarily. If you do a setup which drops power for the smartcard in case of seizure* (disconnects it) then you're going to be safe™. You have to have a PIN-protected card for this to work.
* A bit tricky, I know.
-- Ivan Markin