[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] onion routing MITM

To: <a55deaba@xxxxxxxxx>
Subject: Re: [tor-talk] onion routing MITM
From: <populationsteamsir@xxxxxxxxxxxx>
Date: Tue, 26 Jan 2016 19:09:05 +0000 (UTC)
Cc: tor-talk@xxxxxxxxxxxxxxxxxxxx
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 26 Jan 2016 14:09:25 -0500
In-reply-to: <CAG_xf59tGGQgLdH17gff7M8oYU96viXCWMgnnponfrNYr8dqJg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <K8zCB59--3-0@xxxxxxxxxxxx> <<K8zCB59--3-0@xxxxxxxxxxxx>> <CAG_xf59tGGQgLdH17gff7M8oYU96viXCWMgnnponfrNYr8dqJg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

26. Jan 2016 18:37 by a55deaba@xxxxxxxxx:


> A CA will not validate a '.onion' address since it's not an official TLD
> approved by ICANN.
>




I understand that.







> The numbers aren't random. From Wikipedia:Â
> "16-character alpha-semi-numeric hashes which are automatically generated
> based on a public key <> https://en.wikipedia.org/wiki/Public_key> > when a 
> hidden
> service
> <> https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services> > 
> is
> configured.




I also know what asymmetric keys and hashes are.




The question is: From a user perspective, http://3g2upl4pq6kufc4m.onion just 
looks like random characters. (And in fact, if it's a hash of a public key, 
which was originally randomly generated, then indeed these *are* random 
characters). You obviously don't want to memorize a domain name such as this, 
and as a human, you're very bad at recognizing the difference between 
http://3g2upl4pq6kufc4m.onion and http://xmh57jrzrnw6insl.onion




What prevents a person from registering a new .onion site, such as 
http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to  
http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that 
*they* are actually the duckduckgo .onion site?




When you see a link like  http://3g2upl4pq6kufc4m.onion somewhere on the web 
(such as thehiddenwiki.org) why would you believe it's the real URL that 
duckduckgo created, and not somebody doing a MITM?

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] onion routing MITM
  - From: Green Dream
- Re: [tor-talk] onion routing MITM
  - From: Seth David Schoen

References:
- [tor-talk] onion routing MITM
  - From: populationsteamsir
- Re: [tor-talk] onion routing MITM
  - From: a55deaba

Prev by Author: [tor-talk] onion routing MITM
Next by Author: Re: [tor-talk] Warning: 37 new booby trapped onion sites
Previous by thread: Re: [tor-talk] onion routing MITM
Next by thread: Re: [tor-talk] onion routing MITM
Index(es):
- Author
- Thread