TechyGeekyHow
What software is used to build My-Stash?
A linux based platform is the most convenient, upon which access to TOR is established, and a "hidden service" is configured. Network connections are either SSH using Protocol Version 2, or HTTPS with self-generated server encryption certificate.
A linux based platform is the most convenient, upon which access to TOR is established, and a "hidden service" is configured. Network connections are either SSH using Protocol Version 2, or HTTPS with self-generated server encryption certificate.
What encryption methods are used for My-Stash?
SSH Protocol Version 2, allowing only RSA key (2048 bit key length) authenticated access (no passwords). Alternatively 2 Factor Authentication can be implemented with Duo Security mobile apps.
Web application access will be encrypted with self-signed server encryption keys.
SSH Protocol Version 2, allowing only RSA key (2048 bit key length) authenticated access (no passwords). Alternatively 2 Factor Authentication can be implemented with Duo Security mobile apps.
Web application access will be encrypted with self-signed server encryption keys.
What do you mean by "hidden service"?
The TOR network is documented and explained on their website https://torproject.org . Hidden services are by definition difficult to find, and their 16 (alphanumeric) character ".onion" addresses are difficult to guess. If you create a hidden service, the only practical way to access it is to get the address from the owner of the service. Note: even if someone does find the address, strong authentication (2 Factor Authentication) protects the information.
The TOR network is documented and explained on their website https://torproject.org . Hidden services are by definition difficult to find, and their 16 (alphanumeric) character ".onion" addresses are difficult to guess. If you create a hidden service, the only practical way to access it is to get the address from the owner of the service. Note: even if someone does find the address, strong authentication (2 Factor Authentication) protects the information.
No inbound ports to your network!
No firewall or router changes to allow "inbound" connections from internet to your private network (company network or home network), as would be the case with conventional remote access methods. This is because the hidden service is available on the TOR network, and "outbound only" access is all that's needed to make the hidden service available.
No firewall or router changes to allow "inbound" connections from internet to your private network (company network or home network), as would be the case with conventional remote access methods. This is because the hidden service is available on the TOR network, and "outbound only" access is all that's needed to make the hidden service available.
".onion" addresses are network and location agnostic
Once a hidden service is defined it can be accessed from any physical location and is easily moved from one geography to another. If you suspect someone has determined the location of your stash, you can simply disconnect from that local network, and reconnect anywhere else on the public internet that does not prohibit TOR, and everything will work as before.
Note: there is no "DNS for TOR" - each hidden service address can be interpreted as a functional equivalent of a FQDN (fully qualified domain name).
Once a hidden service is defined it can be accessed from any physical location and is easily moved from one geography to another. If you suspect someone has determined the location of your stash, you can simply disconnect from that local network, and reconnect anywhere else on the public internet that does not prohibit TOR, and everything will work as before.
Note: there is no "DNS for TOR" - each hidden service address can be interpreted as a functional equivalent of a FQDN (fully qualified domain name).
Changing your hidden service address is easy
If your ".onion" address is compromised, perhaps it was accidentally published to your facebook site, it is a simple task to generate a new address and just replace it where you used to use the old one.
If your ".onion" address is compromised, perhaps it was accidentally published to your facebook site, it is a simple task to generate a new address and just replace it where you used to use the old one.