> I did a > rough calculation about a year ago of how much it would cost to buy > ASIC miners that could 51%-attack Namecoin, and it came out to just > under a billion USD. Isn't the 51% attack down to a 20ish% attack now? > Of course, a real-world attacker would (in my > estimate) probably be more likely to try to compromise existing miners > (via either technical attacks, extortion/blackmail/bribery, or legal > pressure). Isn't 50ish% controlled by one organization already Is it not a particularly tight not organization or something? Isn't the real world attack that you simply isolate a namecoin user from the wider namecoin network? That's cheap for state level attackers. I'd imagine OnioNS should have a massive advantage here because Tor has pinned directory authorities, who presumably help OnioNS accurately identify honest quorum servers. > An end user will be much more likely to notice when a > Namecoin or OnioNS name changes, compared to when a .onion name > changes. So this isn't really a clear win for .onion -- it's a > tradeoff, and which is more "secure" depends on which end users we're > talking about, and what threat model we're dealing with. This is false. Users must enter the .onion address from somewhere. If they go through a search engine, then yes the .onion address itself is hard to remember, especially if they visit many sites. Key poems address this. If however they employ bookmarks, copy from a file, etc., and roughly proposal 244 gets adopted, then an attacker must hack the user's machine, hack the server, or break a curve25519 public key. Yes, a search engine covers .onion addresses should ask users to bookmark desirable results, as opposed to revisiting the search engine, mostly for the protection of the search engine.
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ tor-dev mailing list tor-dev@xxxxxxxxxxxxxxxxxxxx https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-dev