
Re: [tor-talk] Finally a Cloudflare captchas workaround thanks to next-gen onion services?

On 20 February 2017 at 09:45, Georg Koppen <gk@xxxxxxxxxxxxxx> wrote:

> I don't think so as I don't see how next generation .onion services
> solve the underlying problem.

I believe they are referring to something which I have also heard from CA/B
Forum, regarding SSL certificates.

There's a general perception in industry - with some justification - that

  SHA1 is bad.
  And current Onion addresses are based on SHA1.
  And they're only 80 bits, truncated SHA1.
  So current onion addresses are bad, too.
  Because a bad person could brute-force an 80 bit collision to hijack an
    onion address.
  And that would be bad.
  Also, it would be way easier** than (say) social-engineering a CA to
    issue a certificate to a fake or phishing site.
  Because that never** happens.

So: industry thinks that 80-bit cryptographic addresses are
brute-forceable, thus will not issue DV SSL certificates for them.  Instead
they will only permit EV certificates to be issued.

After all, having trivially** collided an 80-bit hash and set up your fake
Facebook Onion, you don't want some CA's automated
"URL-secret-cookie-reachability"-based certificate generator to blindly
issue an SSL certificate for the fake onion, thereby putting the SSL stamp
of approval on the site;  that would be bad.

Hence EV, which requires a more intimate relationship with the requester,
to mitigate this tremendous** security risk.

I suspect that the OP is pointing out that Prop224, with its 256-bit onion
addresses, will be much more resistant to brute force and therefore may be
more broadly acceptable to the trust/comms industry.


** your mileage may vary.
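
The two address lengths contrasted in this message, as an added example that is not part of the original post: it derives a legacy address (first 80 bits of SHA-1 over the service's DER-encoded RSA public key) and a Prop224 address (the full 32-byte ed25519 public key plus a checksum and version byte). The key bytes are constructed stand-ins, not real keys, and the function names are hypothetical.

```python
import base64
import hashlib

# Constructed stand-ins for key material (not real keys).
SAMPLE_RSA_DER = bytes(range(140))   # placeholder for a DER-encoded RSA public key
SAMPLE_ED25519 = bytes(range(32))    # placeholder for a 32-byte ed25519 public key

V3_VERSION = b"\x03"


def _v3_checksum(pubkey: bytes) -> bytes:
    # Checksum is the first 2 bytes of SHA3-256(".onion checksum" | pubkey | version).
    return hashlib.sha3_256(b".onion checksum" + pubkey + V3_VERSION).digest()[:2]


def onion_v2_address(der_public_key: bytes) -> str:
    """Legacy address: SHA-1 of the key, truncated to 10 bytes (80 bits)."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode().lower() + ".onion"


def onion_v3_address(ed25519_public_key: bytes) -> str:
    """Prop224 address: the whole public key is in the name, no truncated hash."""
    if len(ed25519_public_key) != 32:
        raise ValueError("ed25519 public key must be 32 bytes")
    raw = ed25519_public_key + _v3_checksum(ed25519_public_key) + V3_VERSION
    return base64.b32encode(raw).decode().lower() + ".onion"


def identity_bits(address: str) -> int:
    """Return how many bits of the address bind it to the service key."""
    label = address.lower().split(".")[0]
    raw = base64.b32decode(label.upper())
    if len(raw) == 10:               # 16 base32 characters
        return 80
    if len(raw) == 35:               # 56 base32 characters
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:]
        if version != V3_VERSION or checksum != _v3_checksum(pubkey):
            raise ValueError("bad v3 checksum or version")
        return 256
    raise ValueError("not a v2 or v3 onion address")


if __name__ == "__main__":
    for addr in (onion_v2_address(SAMPLE_RSA_DER), onion_v3_address(SAMPLE_ED25519)):
        print(f"{addr}  ({identity_bits(addr)} bits)")
```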
