Re: [tor-talk] .onion name gen
On Fri, Mar 04, 2016 at 05:24:34PM -0700, Mirimir wrote: > Right, _very_ difficult to find! > > But, let's say that one were found. Or occurred by chance. Am I correct > that HSdirs would go with the server that had announced most recently? Yes. http://tor.stackexchange.com/questions/13/can-a-hidden-service-be-hosted-by-multiple-instances-of-tor/24#24 --Roger -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
On 03/04/2016 05:10 PM, Seth David Schoen wrote: > Scfith Rise up writes: > >> I'm pretty sure that the onion address is generated directly from the >> private key, at least if you have every played around with scallion or >> eschalot. So what you just wrote doesn't apply in that way. But again, I >> could be wrong. > > Mirimir's reference at > > https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames > > shows that they are truncated SHA-1 hashes, 80 bits in length, of "the > DER-encoded ASN.1 public key" of "an RSA-1024 keypair". > > So you have the space of public keys (indeed, it's considerably less than > 1024 bits if you want to actually be able to use it as a keypair) and the > space of 80-bit truncated hashes, and the former is dramatically larger > than the latter. So over the entire space of keys, collisions are not > just possible but are required and even extremely frequent. On the other > hand, they're so difficult to find that nobody knows a single example! Right, _very_ difficult to find! But, let's say that one were found. Or occurred by chance. Am I correct that HSdirs would go with the server that had announced most recently? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
Scfith Rise up writes: > I'm pretty sure that the onion address is generated directly from the private > key, at least if you have every played around with scallion or eschalot. So > what you just wrote doesn't apply in that way. But again, I could be wrong. Mirimir's reference at https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames shows that they are truncated SHA-1 hashes, 80 bits in length, of "the DER-encoded ASN.1 public key" of "an RSA-1024 keypair". So you have the space of public keys (indeed, it's considerably less than 1024 bits if you want to actually be able to use it as a keypair) and the space of 80-bit truncated hashes, and the former is dramatically larger than the latter. So over the entire space of keys, collisions are not just possible but are required and even extremely frequent. On the other hand, they're so difficult to find that nobody knows a single example! -- Seth SchoenSenior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
So it's not who is already published in the list but whoever has published most recently? Very confused now. Seems like that works completely backwards from how it should. > On Mar 4, 2016, at 4:05 PM, Mirimirwrote: > >> On 03/04/2016 01:39 PM, Scfith Rise up wrote: >> It _would_ be the same private key. Good luck with generating 1.2 >> septillion permutations (16^32). > > That's not what I get from > https://trac.torproject.org/projects/tor/wiki/doc/HiddenServiceNames. > SHA1 collisions are possible. > >> But could be doable in a few years so to answer your question, I >> believe there can only be one published in the HSDIR, so first come >> first served. Facebook's would have to be DDOS / shutdown and then >> the forged one can be spun up and published. > > As I understand it, what matters is which one announced most recently. > >> Please correct me if I'm wrong as I've only been researching Tor since 2015. >> On Mar 4, 2016, at 3:23 PM, Mirimir wrote: > On 03/04/2016 01:03 PM, Andreas Krey wrote: > On Fri, 04 Mar 2016 19:55:01 +, Flipchan wrote: > IF i generate a .onion domain , isnt there a risk that someone can > generate the same domain? I mean anyone can generate .onion domains and > IF i got an easy .onion address then some could easily generate that rsa > key right? There is no 'easy' onion address, only ones that look like they are. Faking facebookcorewwwi takes the same effort as any other. Getting an onion that starts with facebook but does not end in corewwwi is much easier (by the factor 1099511627775), but that is true for any other eight character prefix as well. Andreas >>> >>> OK, but let's say that someone got facebookcorewwwi.onion, running >>> scallion on some mega-GPU monster. It's hugely improbable, I know. And >>> they'd have a different private key, of course. But how would Tor handle >>> that? Would it work like running multiple onion copies does now? That >>> is, would they compete for HSDir priority? >>> -- >>> tor-talk mailing list - tor-talk@lists.torproject.org >>> To unsubscribe or change other settings go to >>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
I'm pretty sure that the onion address is generated directly from the private key, at least if you have every played around with scallion or eschalot. So what you just wrote doesn't apply in that way. But again, I could be wrong. > On Mar 4, 2016, at 3:52 PM, Seth David Schoenwrote: > > Scfith Rise up writes: > >> It _would_ be the same private key. Good luck with generating 1.2 septillion >> permutations (16^32). > > This would be true if the public key were used directly as the onion name > (which might be possible in certain elliptic curve systems because keys > are so small). > > But in this case, the onion name is calculated from a hash of the public > key, and the size of the hash is much smaller than the size of the > underlying pubkey (80 bits vs. 1024 bits). The pigeonhole principle > requires that many, many different pubkeys must have the same hash -- > on average, about 2⁹⁴⁴ pubkeys would have the same hash. When you > get a perfect collision from scallion, after doing that 2⁸⁰ work > (analogous to about 11 days of entire work of the Bitcoin network -- > which you can think of as surprisingly much or surprisingly little work), > you're still astronomically unlikely to have the same private key! > > -- > Seth Schoen > Senior Staff Technologist https://www.eff.org/ > Electronic Frontier Foundation https://www.eff.org/join > 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
Scfith Rise up writes: > It _would_ be the same private key. Good luck with generating 1.2 septillion > permutations (16^32). This would be true if the public key were used directly as the onion name (which might be possible in certain elliptic curve systems because keys are so small). But in this case, the onion name is calculated from a hash of the public key, and the size of the hash is much smaller than the size of the underlying pubkey (80 bits vs. 1024 bits). The pigeonhole principle requires that many, many different pubkeys must have the same hash -- on average, about 2⁹⁴⁴ pubkeys would have the same hash. When you get a perfect collision from scallion, after doing that 2⁸⁰ work (analogous to about 11 days of entire work of the Bitcoin network -- which you can think of as surprisingly much or surprisingly little work), you're still astronomically unlikely to have the same private key! -- Seth SchoenSenior Staff Technologist https://www.eff.org/ Electronic Frontier Foundation https://www.eff.org/join 815 Eddy Street, San Francisco, CA 94109 +1 415 436 9333 x107 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
It _would_ be the same private key. Good luck with generating 1.2 septillion permutations (16^32). But could be doable in a few years so to answer your question, I believe there can only be one published in the HSDIR, so first come first served. Facebook's would have to be DDOS / shutdown and then the forged one can be spun up and published. Please correct me if I'm wrong as I've only been researching Tor since 2015. > On Mar 4, 2016, at 3:23 PM, Mirimirwrote: > >> On 03/04/2016 01:03 PM, Andreas Krey wrote: >>> On Fri, 04 Mar 2016 19:55:01 +, Flipchan wrote: >>> IF i generate a .onion domain , isnt there a risk that someone can generate >>> the same domain? I mean anyone can generate .onion domains and IF i got an >>> easy .onion address then some could easily generate that rsa key right? >> >> There is no 'easy' onion address, only ones that look like they >> are. Faking facebookcorewwwi takes the same effort as any other. >> Getting an onion that starts with facebook but does not end in >> corewwwi is much easier (by the factor 1099511627775), but that >> is true for any other eight character prefix as well. >> >> Andreas > > OK, but let's say that someone got facebookcorewwwi.onion, running > scallion on some mega-GPU monster. It's hugely improbable, I know. And > they'd have a different private key, of course. But how would Tor handle > that? Would it work like running multiple onion copies does now? That > is, would they compete for HSDir priority? > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
On 03/04/2016 01:03 PM, Andreas Krey wrote: > On Fri, 04 Mar 2016 19:55:01 +, Flipchan wrote: >> IF i generate a .onion domain , isnt there a risk that someone can generate >> the same domain? I mean anyone can generate .onion domains and IF i got an >> easy .onion address then some could easily generate that rsa key right? > > There is no 'easy' onion address, only ones that look like they > are. Faking facebookcorewwwi takes the same effort as any other. > Getting an onion that starts with facebook but does not end in > corewwwi is much easier (by the factor 1099511627775), but that > is true for any other eight character prefix as well. > > Andreas OK, but let's say that someone got facebookcorewwwi.onion, running scallion on some mega-GPU monster. It's hugely improbable, I know. And they'd have a different private key, of course. But how would Tor handle that? Would it work like running multiple onion copies does now? That is, would they compete for HSDir priority? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
On Fri, 04 Mar 2016 19:55:01 +, Flipchan wrote: > IF i generate a .onion domain , isnt there a risk that someone can generate > the same domain? I mean anyone can generate .onion domains and IF i got an > easy .onion address then some could easily generate that rsa key right? There is no 'easy' onion address, only ones that look like they are. Faking facebookcorewwwi takes the same effort as any other. Getting an onion that starts with facebook but does not end in corewwwi is much easier (by the factor 1099511627775), but that is true for any other eight character prefix as well. Andreas -- "Totally trivial. Famous last words." From: Linus TorvaldsDate: Fri, 22 Jan 2010 07:29:21 -0800 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] .onion name gen
Hi, creating a 1:1 copy of an onion key is very hard. You need much luck or computing power to generate a key with the exact same hash as the key you want to copy. With modern computers and graphic cards it's very easy to find a key with the same 4 digits but a whole 1:1 copy seems to be impossible at the moment. The README describes the problem a bit: https://github.com/lachesis/scallion ~Josef signature.asc Description: OpenPGP digital signature -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] .onion name gen
IF i generate a .onion domain , isnt there a risk that someone can generate the same domain? I mean anyone can generate .onion domains and IF i got an easy .onion address then some could easily generate that rsa key right? -- Sincerly Flipchan -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Tor Browser Custom Intro Page Fingerprintability
AFAIK for trademark reasons TPO recommends that distros built around Tor Browser show a custom intro page upon Tor Browser start up to users (which we do in Whonix). Is this custom page detectable by websites a user visits (with a malicious JS script for example)? If successful this attack has the effect of partitioning Whonix TBB users and everyone else. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk