[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] onion routing MITM
Try to put up a server n run it throw tor and the generate a key with scallion for example https://github.com/lachesis/scallion , or ur favorite programming lang
a55deaba@xxxxxxxxx skrev: (26 januari 2016 19:37:24 CET)
>A CA will not validate a '.onion' address since it's not an official
>approved by ICANN. The numbers aren't random. From Wikipedia:
>"16-character alpha-semi-numeric hashes which are automatically
>based on a public key <https://en.wikipedia.org/wiki/Public_key> when a
>configured. These 16-character hashes can be made up of any letter of
>alphabet, and decimal digits from 2 to 7, thus representing an 80-bit
>number in base32 <https://en.wikipedia.org/wiki/Base32>. It is possible
>set up a human-readable .onion URL (e.g. starting with an organization
>name) by generating massive numbers of key pairs
>process that can be parallelized
><https://en.wikipedia.org/wiki/Parallelized>) until a sufficiently
>desirable URL is found."
>On Tue, Jan 26, 2016 at 1:32 PM lists.torproject.org [Masked]
>> --------------------------Blur (formerly
>> -------------------------By Abine--------------------------
>> I'm new to tor, trying to understand some stuff.
>> I understand the .onion TLD is not an officially recognized TLD, so
>> resolved by normal DNS servers. The FAQ seems to say that tor itself
>> these, not to an IP address, but to a hidden site somehow.
>> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with
>> looking names. Why is this? What if someone at thehiddenwiki.org
>> registered a
>> new .onion site (for example http://somerandomletters.onion), which
>> relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)?
>> Thehiddenwiki could give me the link http://somerandomletters.org,
>> course I would never know the difference between that and
>> Without trusting a CA to validate a site name, what prevents MITM
>> I supposed to get the duckduckgo URL from a trusted friend of mine,
>> always keep it?
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsubscribe or change other settings go to
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to