[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-relays] hi-jacking an onion address



If the user enters a onion address inside their browser tor will guarantee that you’re visiting the correct website/onion and not allow any man in the middle attacks to occur, because of the self authentication.

Sent from my iPad

> On Oct 14, 2017, at 12:47 AM, Toralf Förster <toralf.foerster@xxxxxx> wrote:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
>> On 10/14/2017 09:41 AM, Jacki M wrote:
>> Look at the Tor Rendezvous Specification rend-spec-v3.txt
>> <https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt>, the
>> onion addresses that a user enter are Self authenticating, Because the
>> onion address is the public key of the hidden service. 
>> Roger explains this in the DEF CON talk
>> here https://youtu.be/Di7qAVidy1Y?t=1124
>> Thx for the links.
> 
> My questions goes rather in the direction that by this a malicious Toir could catch all the traffic designed for the other Tor - even without encrypting it - and therefore dry-ing out that Tor.
> 
> - -- 
> Toralf
> PGP C4EACDDE 0076E94E
> -----BEGIN PGP SIGNATURE-----
> 
> iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeHA+hccdG9yYWxmLmZv
> ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmLVAP45rHAQqOKrEO0c6RkLMAfq4xNC
> oxMXRYmdeup757OVegD+MjrxzuC2H07Nw5LkjzLFdVSzFd9cvoIundDDavyLLIw=
> =XkCV
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-relays mailing list
> tor-relays@xxxxxxxxxxxxxxxxxxxx
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays