[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #18191 [Core Tor/Tor]: .onion name collision

Subject: Re: [tor-bugs] #18191 [Core Tor/Tor]: .onion name collision
From: "Tor Bug Tracker & Wiki" <blackhole@xxxxxxxxxxxxxx>
Date: Sat, 13 Aug 2016 15:00:26 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sat, 13 Aug 2016 11:00:35 -0400
In-reply-to: <051.563c01ef87c221f16d568a8b37f59f68@torproject.org>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs/>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: "auto: Tor bug tracker status mails" <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <051.563c01ef87c221f16d568a8b37f59f68@torproject.org>
Reply-to: no-reply@xxxxxxxxxxxxxx, tor-assistants@xxxxxxxxxxxxxx
Sender: "tor-bugs" <tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx>

#18191: .onion name collision
--------------------------+--------------------------
 Reporter:  cypherpunks   |          Owner:
     Type:  defect        |         Status:  reopened
 Priority:  Very High     |      Milestone:
Component:  Core Tor/Tor  |        Version:
 Severity:  Critical      |     Resolution:
 Keywords:                |  Actual Points:
Parent ID:                |         Points:
 Reviewer:                |        Sponsor:
--------------------------+--------------------------
Changes (by cypherpunks):

 * priority:  Immediate => Very High
 * status:  closed => reopened
 * resolution:  duplicate =>
 * severity:  Blocker => Critical


Comment:

 > This is not a problem for Tor since all an attacker might be able to do
 is create two different public keys that match the same .onion name. He
 would not be able to impersonate already existing hidden services.
 > He would not be able to impersonate already existing hidden services.

 Why not, is the public key cached somewhere? Does there take some kind of
 decentralized registration of hidden services take place?

 I find this highly unlikely because Hidden services can be created
 instantly and thousands are created each month (?)
 In order to cache or register every public key you'd need quite some disk
 space.

 Please don't just close this without proper explanation!

 And simply use (way) more than 80 bits, and a different hash algorithm.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18191#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #15951 [Core Tor/Tor]: FairPretender: Pretend as any hidden service in passive mode
Next by Author: Re: [tor-bugs] #19410 [Applications/Tor Browser]: Incremental updates from 6.0 to 6.0.1 are not working on OS X
Previous by thread: Re: [tor-bugs] #19913 [Metrics/CollecTor]: prevent OOM in CollecTor
Next by thread: Re: [tor-bugs] #18191 [Core Tor/Tor]: .onion name collision
Index(es):
- Author
- Thread