[tor-dev] Future Onion Addresses and Human Factors

Jeff Burdges burdges at gnunet.org
Sun Aug 9 06:54:24 UTC 2015

> I did a
> rough calculation about a year ago of how much it would cost to buy
> ASIC miners that could 51%-attack Namecoin, and it came out to just
> under a billion USD.  

Isn't the 51% attack down to a 20ish% attack now?  

> Of course, a real-world attacker would (in my
> estimate) probably be more likely to try to compromise existing miners
> (via either technical attacks, extortion/blackmail/bribery, or legal
> pressure).  

Isn't 50ish% controlled by one organization already  Is it not a
particularly tight not organization or something?

Isn't the real world attack that you simply isolate a namecoin user from
the wider namecoin network?  That's cheap for state level attackers.  

I'd imagine OnioNS should have a massive advantage here because Tor has
pinned directory authorities, who presumably help OnioNS accurately
identify honest quorum servers. 

> An end user will be much more likely to notice when a
> Namecoin or OnioNS name changes, compared to when a .onion name
> changes.  So this isn't really a clear win for .onion -- it's a
> tradeoff, and which is more "secure" depends on which end users we're
> talking about, and what threat model we're dealing with.  

This is false.  Users must enter the .onion address from somewhere.  

If they go through a search engine, then yes the .onion address itself
is hard to remember, especially if they visit many sites.  Key poems
address this.  

If however they employ bookmarks, copy from a file, etc., and roughly
proposal 244 gets adopted, then an attacker must hack the user's
machine, hack the server, or break a curve25519 public key.

Yes, a search engine covers .onion addresses should ask users to
bookmark desirable results, as opposed to revisiting the search engine,
mostly for the protection of the search engine.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150809/dda51d15/attachment-0001.sig>

More information about the tor-dev mailing list