Re: [tor-dev] Probability of Guessing a v3 Onion Address
- To: tor-dev@xxxxxxxxxxxxxxxxxxxx
- Subject: Re: [tor-dev] Probability of Guessing a v3 Onion Address
- From: s7r <s7r@xxxxxxxxxx>
- Date: Thu, 12 Dec 2019 01:30:08 +0200
procmem@xxxxxxxxxx wrote:
> Hi, I was wondering what the mathematical probability is of guessing an
> onion v3 address that is kept secret.
>
> Or asked differently: what is the entropy of v3 addresses if an
> adversary decides to bruteforce the entire keyspace?
>
> I am struggling to come up with a usecase for authenticated v3 services
> when keeping an address secret has the same effect and one can generate
> multiple addresses for the same server and share them with different
> entities. The degraded usability of v3 auth services compared to v2 is
> the reason I'm asking.
>
The probability is so close to 0 that we can safely assume it's
impossible. v2 addresses are 80 bit. v3 addresses are 256 bit. v3
addresses are whole ed25519 public keys base32 encoded with a checksum
and .onion at the end.
Do not be confused in comparing 80 to 256 like "just a little over 3 times
stronger" because in cryptography the difference between 256 bit
security vs 80 bit security is orders of magnitude greater.
2^80 = 1208925819614629174706176
vs
2^256 = 115792089237316195423570985008687907853269984665640564039457584007913129639936
Bruteforcing the entire keyspace of ed25519 is not something industry
standards consider practical in the real world now, or in the
foreseeable future.
However, your point is not correct. Keeping the address secret does not
have the same effect as authenticated v3. Authenticated v3 exists to
eliminate the side risks where the v3 address is not guessed (brute
forced) but accidentally (or intentionally) leaked. This can be due to
human error, malware / spyware, a bug in the software using the v3
address, other kinds of trojan-type operation and tons of other
possibilities. Of course one can argue that such threats as described
above can also steal the auth credentials / cookie and have the same
effect on authenticated v3, but it's at least an additional precaution.
Also, if you have multiple users, having one v3 address with
authentication is much better than multiple addresses, for the following
reasons:
- easier management
- easier to configure and easier to maintain the application behind it
(web server or whatever it is)
- fewer resources needed by the Tor daemon
- less load on your guard(s) / bridge(s), thus more capacity and better
experience for your clients / visitors (if you have multiple addresses
you need to maintain active introduction point circuits for all of them,
publish descriptors, etc.)
Many cons and no pro the way I see it.
_______________________________________________
tor-dev mailing list
tor-dev@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev