[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Choosing a name for a .onon

On Thu, Mar 29, 2012 at 6:47 PM, Adrian Crenshaw <irongeek@xxxxxxxxxxxx> wrote:
> Hi all,
> Â I was under the impression that the .onion names for Tor Hidden Services
> were pseudo-random based on the public key. How was someone able to choose
> one/choose some character in one? As an example:
> http://silkroadvb5piz3r.onion (hope it is not against policy to post that
> link, only example I know. ) How did they choose the first 8 characters?

Using a brute force search tool like http://gitorious.org/shallot/shallot/

I'd advise against itâ while I don't have a study to back me up I expect
'readable' names like that discourage good security practicesâ that
they cause people to use addresses (spread in that look like yours, perhaps)
without verifying the sourceâ and when people do compare they are probably
more likely to just compare the readable parts.

sure, the computation is a bit of a barrierâ but it's easier for the
attacker (who
may generate fake onions for many sites at once) then it is for the defender.
tor-talk mailing list