[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Facebook brute forcing hidden services

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] Facebook brute forcing hidden services
From: AFO-Admin <tor@xxxxxxxxxx>
Date: Fri, 31 Oct 2014 16:49:38 +0100
Delivered-to: archiver@xxxxxxxx
Delivery-date: Fri, 31 Oct 2014 11:49:50 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=afo-tm.org; s=afo-tm.org; h=sender:message-id:date:from:mime-version:to:subject:references :in-reply-to:content-type:content-transfer-encoding; bh=pAbdUkPyfn1+tI3JVBSUnxlh/+F0MAE0KYaNkESfjH8=; b=HuAbBM6tb3ZXG/A/mEZWvsfT4dKkBU1ROp2w6EF9D43aDQyizS1NR0drHY89jESokp NTOhp9Fwwmbt0dGW8hQEgzkLAOe4ph8fp6sg2J7nSTmRKDAWLCZAFUzv/2W8YX2Io4JY 4RgxmSJahrw+PPZMb7BNjGQYJVMQpUO57iV2Y=
In-reply-to: <D078CF97.816C%alecm@xxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <20141031122302.GA5554@xxxxxxxxxxxxxxxxx> <D078CF97.816C%alecm@xxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi,
i really think that this is a good thing, because i think this hidden
service will get a lot attention in countries where Facebook is
blocked. So it will get one of their goals to improve hidden service
scalability and performance which is good for all of us. I hope they
share their experience with operating this hidden service with us.

Also it is nice because i can tell the next time police is knocking at
my door that now even facebook is on Tor. And they know what facebook
is and i hope they will start to accept that tor is not build for
support terror (which still some of that people that i had to talk
with think).

Thanks Facebook, keep this project alive.

Alec Muffett:
> Hi - My name¹s Alec, I work for Facebook and am the team lead for
> Facebook over Tor.
> 
> Long story short: details will come out later, but we just did the
> same thing as everyone else: generated a bunch of keys with a fixed
> lead prefix ("facebook") and then went fishing looking for good
> ones.
> 
> I feel that we got tremendous lucky.
> 
> - alec
> 
> On 10/31/14, 5:23 AM, "Mike Cardwell" <tor@xxxxxxxxxxxxxxxxxx>
> wrote:
> 
>> https://www.facebook.com/notes/protect-the-graph/making-connections-to-fac
>>
>> 
ebook-more-secure/1526085754298237
>> 
>> So Facebook have managed to brute force a hidden service key
>> for:
>> 
>> https://urldefense.proofpoint.com/v1/url?u=http://facebookcorewwwi.onion/&;
>>
>> 
k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=PKCvk5ihsZdnlobuFIuhTw%3D%3D%0A&m=CZ27
>> H74ab0d0fF2o5LtJoybnrPSp3tV2eaCxPdBkwxU%3D%0A&s=df412954e11b3460e9e27ad5ae
>>
>> 
8cb307233465ec461aa8ca461b66a94e457dfc
>> 
>> If they have the resources to do that, what's to stop them brute 
>> forcing a key for any other existing hidden service?
>> 
>> -- Mike Cardwell 
>> https://urldefense.proofpoint.com/v1/url?u=https://grepular.com/&k=ZVNjlDM
>>
>> 
F0FElm4dQtryO4A%3D%3D%0A&r=PKCvk5ihsZdnlobuFIuhTw%3D%3D%0A&m=CZ27H74ab0d0f
>> F2o5LtJoybnrPSp3tV2eaCxPdBkwxU%3D%0A&s=d9b3aa4ee032ade1291d78d5505c434b554
>>
>> 
faf83d500bf7760e23af875c29f57
>> https://urldefense.proofpoint.com/v1/url?u=https://emailprivacytester.com/
>>
>> 
&k=ZVNjlDMF0FElm4dQtryO4A%3D%3D%0A&r=PKCvk5ihsZdnlobuFIuhTw%3D%3D%0A&m=CZ2
>> 7H74ab0d0fF2o5LtJoybnrPSp3tV2eaCxPdBkwxU%3D%0A&s=d21764a1dcedecaf889635ab6
>>
>> 
ca8300b1867a5084b7e78922ecdf0a911d9dfc4
>> OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018
>> 461F XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78
>> 3EF1 46B4
> 
-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJUU6+SAAoJEOExTryL2+47ohgP/1bUFZzUDw1yROeDPjFozej6
1Wo0yHI9aCFERbhdB6be3zn9X7Ba2rkhjf0jslkWM51a4IzwmWRihA5qKw2O3kNl
Mwm5u+1pWqhvrPhKMmzEa3HQUEVhTy4gRQMR6kf1sodELWwG8nDbsEcy1ROLQlFL
zMCP2/RIbBUDDphJB4fnRLZA5qd0on40BXdQQEXgagp05k5+7sxA4hAvsByYaJ4M
4Aa279afdS67bkjXkSHnJIoYhVV7GgXauA4BQGaXHDppGB0aMyc6Hp1CwacQ0K86
TfxvVrt8qFyq2l0pru0OPMnzu2t/W8ojYcXrZJ7Dyrq+MrUlFVnEkJmXyRhhfbza
FVSWzcRukhlfflUJVfinCDIlKsE60Ry5s1290P+w87WO/jH0sJrV3ery+swPtixt
iKTdXvf0vNYVM8E5YoVt3qJsZbqZk0D20/WZCIjcYXecVO4e3SZ3nW6HKSOykXG6
pyITQHJenNH17GpQ7xoGhLybkolzYkPG37Mk10uaLSmwMwJ94e8ONrklzlGr5Z+s
sgPyGgqpZyuWq9BkWEyWCULzkG+AK4H/8MlbOcy513sOHFk/rm8XzR4rcL/b8Xsw
cy3WICvF1H3ASWB0nJr9G2JxjKjWpSV1By78x5z9mSKuepnxuz3UmKUB+Yo708lh
I391F4UUXZpz53jM/cDH
=ov5o
-----END PGP SIGNATURE-----
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] Facebook brute forcing hidden services
  - From: Andreas Krey

References:
- [tor-talk] Facebook brute forcing hidden services
  - From: Mike Cardwell
- Re: [tor-talk] Facebook brute forcing hidden services
  - From: Alec Muffett

Prev by Author: [tor-talk] using bridges with dns name
Next by Author: [tor-talk] Possible Whois demasking of Tor using
Previous by thread: Re: [tor-talk] Facebook brute forcing hidden services
Next by thread: Re: [tor-talk] Facebook brute forcing hidden services
Index(es):
- Author
- Thread