[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Facebook brute forcing hidden services



There are a lot of tools out there that generate vanity hidden service
addresses. Facebook merely used something like Shallot [1], or they
purchased the hidden service address off of one of the domain brokers that
are hosted as a hidden service. Generating an address does not mean
cracking an address.

[1] https://github.com/katmagic/Shallot

On Fri, Oct 31, 2014 at 8:23 AM, Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx>
wrote:

>
> https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
>
> So Facebook have managed to brute force a hidden service key for:
>
> http://facebookcorewwwi.onion/
>
> If they have the resources to do that, what's to stop them brute
> forcing a key for any other existing hidden service?
>
> --
> Mike Cardwell  https://grepular.com https://emailprivacytester.com
> OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
> XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
>
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk