[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #23969 [Core Tor/Tor]: Scallion/cathugger attack on Tor
#23969: Scallion/cathugger attack on Tor
------------------------------+--------------------
Reporter: cypherpunks | Owner: (none)
Type: defect | Status: new
Priority: High | Milestone:
Component: Core Tor/Tor | Version:
Severity: Major | Keywords:
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
------------------------------+--------------------
A used scallion to search public key for "abcde*", and got
"abcdeyyyyyyyyy.onion"
A used it to host his website
B want to takedown A.
B used scallion to search public key for "abcde*", and got
"abcdeyyyyyyyyy.onion"
This is a possible attack of Tor's hidden service.
Unfortunately, V3 onion namesystem are already cracked:
github.com/cathugger/mkp224o
What can you do to stop this from happening?
How can I block other people from generating my onion's hidden key?
Why not add a protection?
"If 2nd connection tried to connect with known hostname(B), deny it and
raise error."
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23969>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs