On Mon, 2015-10-26 at 20:55 -0400, micah wrote: > I actually had written a section in the original draft of the Onion S > ervices Best Practices document[0] something about avoiding vanity on > ions, specifically this is what I drafted:
If you're vanity .onion begins with a common word, like say face or silk, then there is some small risk that someone has already spent the CPU time trying to produce some, so a malicious party might obtain that existing work. I think beyond that you'd need an actual study to say anything concrete. It might depend upon the audience somewhat too, like people off the street are easy prey, but people used to observing key material do better. Are you aware of the previous discussion of key poems on this list? https://moderncrypto.org/mail-archive/messaging/2014/000125.html At CCC, George and I discussed the idea of using key poems for visualizing .onion urls. And he started a discussion about on the tor -dev list : https://lists.torproject.org/pipermail/tor-dev/2015-August/009302.html https://lists.torproject.org/pipermail/tor-dev/2015-August/thread.html# 9302 I think the important point is : If we only want the person to recognize sites they've visited before, then we can salt the derivation of the key poem or whatever, thereby making look-alike attacks hard. Jeff
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
