Re: [tor-talk] Facebook brute forcing hidden services
Hi - My name's Alec, I work for Facebook and am the team lead for Facebook
over Tor.
Long story short: details will come out later, but we just did the same
thing as everyone else: generated a bunch of keys with a fixed lead prefix
("facebook") and then went fishing looking for good ones.
I feel that we got tremendously lucky.
- alec
On 10/31/14, 5:23 AM, "Mike Cardwell" <tor@xxxxxxxxxxxxxxxxxx> wrote:
>https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
>
>So Facebook have managed to brute force a hidden service key for:
>
>http://facebookcorewwwi.onion/
>
>If they have the resources to do that, what's to stop them brute
>forcing a key for any other existing hidden service?
>
>--
>Mike Cardwell
>https://grepular.com/
>https://emailprivacytester.com/
>OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
>XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
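
An added example, not part of the original thread: it contrasts the cost of fixing a lead prefix with the cost of matching a complete existing address, the distinction the question in the quoted message turns on. It relies on the v2 onion naming rule (base32 of the first 80 bits of the SHA-1 of the DER-encoded public key); the random byte strings are constructed stand-ins for keys, and the function names are this example's own.

```python
import base64
import hashlib
import random

def onion_v2(pubkey_der: bytes) -> str:
    """16-char v2 onion label: base32 of the first 80 bits of SHA-1(DER public key)."""
    return base64.b32encode(hashlib.sha1(pubkey_der).digest()[:10]).decode().lower()

def expected_tries(chars: int) -> int:
    """Each base32 character pins 5 bits, so a chosen prefix costs about 32**chars keys."""
    return 32 ** chars

def search_prefix(prefix: str, rng: random.Random, limit: int = 1_000_000):
    """Return (tries, label) for the first candidate whose label starts with prefix."""
    for tries in range(1, limit + 1):
        # Constructed stand-in for a fresh key: 140 random bytes, not a real RSA key.
        candidate = rng.getrandbits(1120).to_bytes(140, "big")
        label = onion_v2(candidate)
        if label.startswith(prefix):
            return tries, label
    return None

def mean_tries(prefix: str, runs: int, seed: int) -> float:
    """Average number of candidates needed over several independent searches."""
    rng = random.Random(seed)
    return sum(search_prefix(prefix, rng)[0] for _ in range(runs)) / runs

if __name__ == "__main__":
    print("measured mean for 2 chars:", mean_tries("fb", 100, 2014))
    print("expected for 2 chars:     ", expected_tries(2))
    print("8-char prefix:            ", expected_tries(8), "(2**40)")
    print("full 16-char label:       ", expected_tries(16), "(2**80)")
```

The measured mean for a two-character prefix lands near 32**2 = 1024; an eight-character prefix such as "facebook" scales that to about 2**40 candidates, while a specific full 16-character label needs about 2**80, a factor of 2**40 more.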