[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] onion routing MITM



26. Jan 2016 18:37 by a55deaba@xxxxxxxxx:


> A CA will not validate a '.onion' address since it's not an official TLD
> approved by ICANN.
>




I understand that.







> The numbers aren't random. From Wikipedia:Â
> "16-character alpha-semi-numeric hashes which are automatically generated
> based on a public key <> https://en.wikipedia.org/wiki/Public_key> > when a 
> hidden
> service
> <> https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services> > 
> is
> configured.




I also know what asymmetric keys and hashes are.




The question is: From a user perspective, http://3g2upl4pq6kufc4m.onion just 
looks like random characters. (And in fact, if it's a hash of a public key, 
which was originally randomly generated, then indeed these *are* random 
characters). You obviously don't want to memorize a domain name such as this, 
and as a human, you're very bad at recognizing the difference between 
http://3g2upl4pq6kufc4m.onion and http://xmh57jrzrnw6insl.onion




What prevents a person from registering a new .onion site, such as 
http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to  
http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that 
*they* are actually the duckduckgo .onion site?




When you see a link like  http://3g2upl4pq6kufc4m.onion somewhere on the web 
(such as thehiddenwiki.org) why would you believe it's the real URL that 
duckduckgo created, and not somebody doing a MITM?

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk