On 27 Feb 2017, at 23:48, nusenu nusenu@openmailbox.org wrote:
This group is still growing.
Note that the following table is _not_ sorted by FP.
The FP links these relays even across ISP, and given the FP column pattern it might be obvious what they are after.
They do not have the hsdir flag yet.
https://raw.githubusercontent.com/nusenu/tor-network-observations/master/201...
Is there a tool out there that tells me which HSDir is/will probably be responsible for a given onion address (and at what time)?
There's no tool, unless you can reverse SHA1. (Or brute-force a set of popular onion addresses.)
In short, it's the first 3 fingerprints following descriptor-id:
permanent-id = H(public-key)[:10] descriptor-id = H(permanent-id | H(time-period | descriptor-cookie | replica)) where H is SHA1.
The spec is: https://gitweb.torproject.org/torspec.git/tree/rend-spec.txt#n222 https://gitweb.torproject.org/torspec.git/tree/rend-spec.txt#n505
The implementation is: https://gitweb.torproject.org/tor.git/tree/src/or/rendcommon.c#n127
As an aside, this attack is not possible with next-generation hidden services, because the HSDir identities are hashed with the daily shared random value: https://gitweb.torproject.org/torspec.git/tree/proposals/224-rend-spec-ng.tx...
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------