On Fri, Apr 11, 2014 at 6:19 PM, Cyrus <[email protected]> wrote:
> My hidden service address may have been compromised in Heartbleed. I > can't seem to reach my own hidden service most of the time. Other > services I hope so far seem unaffected. I am curious what happens if the > same private key is used by someone else, and how an attacker might use > a private key to disable a hidden service. I am currently switching to a > new key as a precaution. Information would be greatly appreciated, > because I think someone is blocking my hidden service somehow. > To attempt to actually answer your question (don't count on this answer though, at all..) in a mostly amateur fashion: if your hidden service's long term identity private key is stolen, it might be used to create descriptors about that hidden service that point to a different set of introductory points (relays used by clients in the initial phase of trying to reach a hidden service), behind which a different server is hiding. Since they (thieves) have your HS private key, they can then full well pretend to be the HS that you've been running, and the clients would not know. I'm not sure, but I think that any experiments with this kind of attack have been minimal to nonexistent [a niche for investigation!] The speculation would be that if this happens and someone else tries to advertise a HS under the same address, it's more or less a matter of chance which descriptor is actually fetched by clients trying to reach that address. Sometimes they would reach one point and sometimes another; they would think both attempts would be valid. If the bogus hidden server is down / nothing is listening behind it (no actual application (e.g. web server)), connection attempts would simply fail at the last phase. (This reminds me to publish a very primitive and tiny script that tells you which point of the connection to a HS fails (intro point / rendezvous / application-level server), I guess this is a valid incentive to do so..) -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
