[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-talk] onion routing MITM
Try to put up a server n run it throw tor and the generate a key with scallion for example https://github.com/lachesis/scallion , or ur favorite programming lang
a55deaba@xxxxxxxxx skrev: (26 januari 2016 19:37:24 CET)
>A CA will not validate a '.onion' address since it's not an official
>TLD
>approved by ICANN. The numbers aren't random. From Wikipedia:
>
>"16-character alpha-semi-numeric hashes which are automatically
>generated
>based on a public key <https://en.wikipedia.org/wiki/Public_key> when a
>hidden
>service
><https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services>
>is
>configured. These 16-character hashes can be made up of any letter of
>the
>alphabet, and decimal digits from 2 to 7, thus representing an 80-bit
>number in base32 <https://en.wikipedia.org/wiki/Base32>. It is possible
>to
>set up a human-readable .onion URL (e.g. starting with an organization
>name) by generating massive numbers of key pairs
><https://en.wikipedia.org/wiki/Public-key_cryptography> (a
>computational
>process that can be parallelized
><https://en.wikipedia.org/wiki/Parallelized>) until a sufficiently
>desirable URL is found."[2]
><https://en.wikipedia.org/wiki/.onion#cite_note-scallion-2>[3]
><https://en.wikipedia.org/wiki/.onion#cite_note-facebook_url-3>"
>
>Cheers,
>yodablue
>
>On Tue, Jan 26, 2016 at 1:32 PM lists.torproject.org [Masked]
><FWD-737QLY3MGNAYSQFGAHIDLIAC2AJOAZ4BKBNCRYADXAICEWBKGA4GYNTQE4MCKZVAFMRQA3BHMAEPUEBAAAQA====@
>opayq.com> wrote:
>
>>
>> --------------------------Blur (formerly
>> DoNotTrackMe)---------------------------
>>
>> -------------------------By Abine--------------------------
>>
>>
>> I'm new to tor, trying to understand some stuff.
>>
>> I understand the .onion TLD is not an officially recognized TLD, so
>it's
>> not
>> resolved by normal DNS servers. The FAQ seems to say that tor itself
>> resolves
>> these, not to an IP address, but to a hidden site somehow.
>>
>> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with
>> random
>> looking names. Why is this? What if someone at thehiddenwiki.org
>> registered a
>> new .onion site (for example http://somerandomletters.onion), which
>then
>> relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)?
>> Thehiddenwiki could give me the link http://somerandomletters.org,
>and of
>> course I would never know the difference between that and
>> http://3g2upl4pq6kufc4m.onion
>>
>> Without trusting a CA to validate a site name, what prevents MITM
>attacks?
>> Am
>> I supposed to get the duckduckgo URL from a trusted friend of mine,
>and
>> then
>> always keep it?
>> --
>> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>>
>--
>tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
--
Sincerly Flipchan
--
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk