[tor-bugs] #17957 [Tor]: Detect stolen onion service key

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Dec 29 18:55:54 UTC 2015


#17957: Detect stolen onion service key
-----------------------------+-----------------------------------
     Reporter:  ess2         |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  Medium       |  Milestone:
    Component:  Tor          |    Version:
     Severity:  Normal       |   Keywords:  .onion hidden service
Actual Points:               |  Parent ID:
       Points:               |    Sponsor:
-----------------------------+-----------------------------------
 Would it be possible to add a detection mechanism for stolen onion service
 keys?

 How it could work (I know very little about Tor internals):
 A HSDir could tell the tor client that someone else with the same key
 announced a hidden service just minutes ago.
 To determine that it was someone else, a random number could be sent with
 each announcement of an onion service, and that number randomly changes
 every time tor is restarted. If tor isn't restarted but the HSDir tells
 the announcing tor client that a different number was used to announce the
 onion service before, one could reasonably suspect that the key has been
 compromised. The user could then try to rule out a false positive, and get
 a new key.

 It might be problematic that the HSDir can lie to .onions it doesn't like,
 but as long as no automatic action but the notification is done, this
 shouldn't cause much harm.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/17957>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
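
The check proposed in the ticket, sketched as an added example (not part of the original ticket and not Tor's code). It assumes a single directory that remembers the last nonce per service key; `HSDir`, `OnionClient` and the status strings are hypothetical names, and the service key is a constructed placeholder.

```python
import secrets


class HSDir:
    """Hypothetical directory: remembers the last nonce seen per service key."""

    def __init__(self):
        self.last_nonce = {}

    def announce(self, service_key, nonce):
        # Store the new nonce and report the one it replaces (None if first).
        prev = self.last_nonce.get(service_key)
        self.last_nonce[service_key] = nonce
        return prev


class OnionClient:
    """Hypothetical announcer holding one onion service key."""

    def __init__(self, service_key):
        self.service_key = service_key
        self.restart()

    def restart(self):
        # The ticket's idea: the number changes every time tor is restarted.
        self.nonce = secrets.token_hex(16)
        self.announced_since_start = False

    def announce(self, hsdir):
        prev = hsdir.announce(self.service_key, self.nonce)
        first = not self.announced_since_start
        self.announced_since_start = True
        if prev is None or prev == self.nonce:
            return "ok"
        if first:
            # A different nonce is expected right after our own restart.
            return "after-restart"
        # No restart on our side, yet someone announced with another nonce.
        # Advisory only: the directory may lie, so notify and do nothing else.
        return "suspect"


def demo():
    hsdir = HSDir()
    owner = OnionClient("constructed-service-key")
    copy = OnionClient("constructed-service-key")  # second holder of the key
    return [owner.announce(hsdir), owner.announce(hsdir),
            copy.announce(hsdir), owner.announce(hsdir)]
```

An announcement by a second key holder that lands between the owner's restart and the owner's first announcement is reported as `after-restart`, which is the kind of case the ticket leaves to the user to rule out.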

