[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] onion routing MITM

26. Jan 2016 18:37 by a55deaba@xxxxxxxxx:

> A CA will not validate a '.onion' address since it's not an official TLD
> approved by ICANN.

I understand that.

> The numbers aren't random. From Wikipedia:Â
> "16-character alpha-semi-numeric hashes which are automatically generated
> based on a public key <> https://en.wikipedia.org/wiki/Public_key> > when a 
> hidden
> service
> <> https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services> > 
> is
> configured.

I also know what asymmetric keys and hashes are.

The question is: From a user perspective, http://3g2upl4pq6kufc4m.onion just 
looks like random characters. (And in fact, if it's a hash of a public key, 
which was originally randomly generated, then indeed these *are* random 
characters). You obviously don't want to memorize a domain name such as this, 
and as a human, you're very bad at recognizing the difference between 
http://3g2upl4pq6kufc4m.onion and http://xmh57jrzrnw6insl.onion

What prevents a person from registering a new .onion site, such as 
http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to  
http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that 
*they* are actually the duckduckgo .onion site?

When you see a link like  http://3g2upl4pq6kufc4m.onion somewhere on the web 
(such as thehiddenwiki.org) why would you believe it's the real URL that 
duckduckgo created, and not somebody doing a MITM?

tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to