[tor-bugs] #23969 [Core Tor/Tor]: Scallion/cathugger attack on Tor

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Oct 24 06:57:54 UTC 2017


#23969: Scallion/cathugger attack on Tor
------------------------------+--------------------
     Reporter:  cypherpunks   |      Owner:  (none)
         Type:  defect        |     Status:  new
     Priority:  High          |  Milestone:
    Component:  Core Tor/Tor  |    Version:
     Severity:  Major         |   Keywords:
Actual Points:                |  Parent ID:
       Points:                |   Reviewer:
      Sponsor:                |
------------------------------+--------------------
 A used scallion to search for a public key for "abcde*", and got
 "abcdeyyyyyyyyy.onion".
 A used it to host his website.

 B wants to take down A.
 B used scallion to search for a public key for "abcde*", and got
 "abcdeyyyyyyyyy.onion".

 This is a possible attack on Tor's hidden services.
 Unfortunately, the V3 onion name system is already cracked:
 github.com/cathugger/mkp224o

 What can you do to stop this from happening?
 How can I block other people from generating my onion's hidden key?

 Why not add a protection?
 "If a 2nd connection tries to connect with a known hostname (B), deny it
 and raise an error."

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23969>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online