Got it. What's the behavior when two services have the same .onion address? On 31/10/14 13:50, Mike Cardwell wrote: > You don't get to pick the ".onion" address. It is derived from the key > you randomly generated. > > However, you can just keep generating keys over and over again until > you get one that matches what you want. People have been doing this > to choose their own prefixes for a while now, but this is the first > time I've seen somebody generate a full string of their own choosing. > > If facebook can do that, then so can GCHQ and NSA. And if they can > do that, they can brute force a key which matches the .onion address > of any existing hidden service. So they can then MITM hidden services. > > I don't think I'm being dramatic when I say this proves that Tor > hidden services are now completely broken. I'd like somebody to > show me that I'm wrong for some reason though... > > > -- David Rajchenbach-Teller, PhD Performance Team, Mozilla
Attachment:
signature.asc
Description: OpenPGP digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk