[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Facebook brute forcing hidden services



Do you intend to extend to other darknets networks, too?

On Fri, Oct 31, 2014 at 12:35:50PM +0000, Alec Muffett wrote:
> Hi - My nameÂs Alec, I work for Facebook and am the team lead for Facebook
> over Tor.
> 
> Long story short: details will come out later, but we just did the same
> thing as everyone else: generated a bunch of keys with a fixed lead prefix
> ("facebook") and then went fishing looking for good ones.
> 
> I feel that we got tremendous lucky.
> 
>     - alec
> 
> On 10/31/14, 5:23 AM, "Mike Cardwell" <tor@xxxxxxxxxxxxxxxxxx> wrote:
> 
> >https://www.facebook.com/notes/protect-the-graph/making-connections-to-fac
> >ebook-more-secure/1526085754298237
> >
> >So Facebook have managed to brute force a hidden service key for:
> >
> >https://urldefense.proofpoint.com/v1/url?u=http://facebookcorewwwi.onion/&;
> >k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=PKCvk5ihsZdnlobuFIuhTw%3D%3D%0A&m=CZ27
> >H74ab0d0fF2o5LtJoybnrPSp3tV2eaCxPdBkwxU%3D%0A&s=df412954e11b3460e9e27ad5ae
> >8cb307233465ec461aa8ca461b66a94e457dfc
> >
> >If they have the resources to do that, what's to stop them brute
> >forcing a key for any other existing hidden service?
> >
> >-- 
> >Mike Cardwell  
> >https://urldefense.proofpoint.com/v1/url?u=https://grepular.com/&k=ZVNjlDM
> >F0FElm4dQtryO4A%3D%3D%0A&r=PKCvk5ihsZdnlobuFIuhTw%3D%3D%0A&m=CZ27H74ab0d0f
> >F2o5LtJoybnrPSp3tV2eaCxPdBkwxU%3D%0A&s=d9b3aa4ee032ade1291d78d5505c434b554
> >faf83d500bf7760e23af875c29f57
> >https://urldefense.proofpoint.com/v1/url?u=https://emailprivacytester.com/
> >&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=PKCvk5ihsZdnlobuFIuhTw%3D%3D%0A&m=CZ2
> >7H74ab0d0fF2o5LtJoybnrPSp3tV2eaCxPdBkwxU%3D%0A&s=d21764a1dcedecaf889635ab6
> >ca8300b1867a5084b7e78922ecdf0a911d9dfc4
> >OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
> >XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
> 
> -- 
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk