Encryption over Hidden Services

Fri Aug 6 13:44:08 UTC 2010

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Aug 6, 2010 at 09:00, Robert Ransom <rransom.8774 at gmail.com> wrote:
>
> On Fri, 6 Aug 2010 03:07:12 -0700
> Mike Perry <mikeperry at fscked.org> wrote:
>
> > In the real world, it is disturbingly practical to compute .onion urls
> > that have a significantly large number of characters in common with an
> > arbitrary target url, in arbitrary positions of the url.
> >
> > There was a program called 'shallot' which optimized hidden service
> > key generation to accomplish exactly this using THC's Fuzzy
> > Fingerprint technique. It seems to exist only in rumor and legend
> > these days, but if you would like an arbitrary snapshot of the code
> > that calls itself 0.0.1, I can post it somewhere.
>
> http://taswebqlseworuhc.onion/

I haven't worked on it in a while, but I wrote a Mono implementation
of a vanity onion generator as well You can find it here:
http://github.com/neoeinstein/purpleonion

The main relevant portion is under src/Por.OnionGenerator.

>
> > It was originally created for the sake of creating vanity .onion urls.
> > ...
> > (and if your goal is to deceive a user into visiting or chatting with
> > your spoofed hidden service, why not use weak keys?).
>
> Also, it can search for keys whose hashes match an arbitrary regular
> expression, not just keys whose hashes have specified characters at the
> beginning and end.
>

PurpleOnion (Por) was intended to be a full Mono implementation of
Tor, but I didn't get that far. The PurpleOnion vanity generator also
uses an arbitrary regular expression for doing its matching and uses
multi-threading. It currently just uses the Mono framework's
implementation to generate the key pairs, but could probably be
optimized by writing it's own generating functions, including using
Mono.SIMD or CUDA in some form.

I may have to pull this back out of the mothballs to continue
hammering at it and run some more tests.
- --
Marcus Griep
——
Ακακια את.ψο´, 3°
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (MingW32)

iQIcBAEBAgAGBQJMXA//AAoJEBLJ7QUyTAFmV1IP/2MC2q65VezVnebL7Jw1PeTY
S96K2rbi/NmjQrxIf6daLiAyoLQBYVb6PoLGTi85At90oKsCRuczx7SX3ulJa6Rp
TvJdDhn8HeQGNGd4QA61zJPshBbw9+aZ89qdEbqYkbxwtSBZb2Q6IXNQcTxV0OeI
LhR4fOWJxaMC8XAUqPaVWLSQM2TIlW1NrHTt/G5dZ2A0OuPu0m+NsbVHvUjmRi3l
v7LhyK7Yz57wdCmgUeSK0KK1vwQ9CdfAVrXo43I+84QX2xWGDgq2zBl2vn/6q7NI
53kyd4kZiXa8X1Tfp1oNdvKBnO3GEkmP0sUPUAuztcIlCr1Up55y8Q16sPejdo2V
3nkhX7JcYXx2Z6QqZEUhP45wWOsYxPB5CFb1fzg8OQD8KMaAKEUqkOtQIWubaHyN
vDvqu/BcJz1znidpVHYQTyWDGdfOE6+h5PBiBIt5rIji+6CjDECvv2JJlmnlbVay
neHCI0OJvyrIMEzXP6uUWQWEGYrSIbJQsdsT2nHh2ZYYWKG6gbZb/GaaMCcuwpnH
2OBB6EBF1KWMMa2I8+kfL+rINphwDYOFuwzvlJoV8BY+wvDuo2Es8v2L/yPNeF2M
/gN+Iq6lwSED1jqLC1rspq1gTIIdhC5tmx89LSyoXrTge2bZP/Z5pi+05k1n56Rc
dL65DbGZPDc4YPBy/gkz
=P1gQ
-----END PGP SIGNATURE-----