[tor-relays] hi-jacking an onion address
Jacki M
jackiam2003 at yahoo.com
Sat Oct 14 07:58:23 UTC 2017
If the user enters a onion address inside their browser tor will guarantee that you’re visiting the correct website/onion and not allow any man in the middle attacks to occur, because of the self authentication.
Sent from my iPad
> On Oct 14, 2017, at 12:47 AM, Toralf Förster <toralf.foerster at gmx.de> wrote:
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
>> On 10/14/2017 09:41 AM, Jacki M wrote:
>> Look at the Tor Rendezvous Specification rend-spec-v3.txt
>> <https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt>, the
>> onion addresses that a user enter are Self authenticating, Because the
>> onion address is the public key of the hidden service.
>> Roger explains this in the DEF CON talk
>> here https://youtu.be/Di7qAVidy1Y?t=1124
>> Thx for the links.
>
> My questions goes rather in the direction that by this a malicious Toir could catch all the traffic designed for the other Tor - even without encrypting it - and therefore dry-ing out that Tor.
>
> - --
> Toralf
> PGP C4EACDDE 0076E94E
> -----BEGIN PGP SIGNATURE-----
>
> iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeHA+hccdG9yYWxmLmZv
> ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmLVAP45rHAQqOKrEO0c6RkLMAfq4xNC
> oxMXRYmdeup757OVegD+MjrxzuC2H07Nw5LkjzLFdVSzFd9cvoIundDDavyLLIw=
> =XkCV
> -----END PGP SIGNATURE-----
> _______________________________________________
> tor-relays mailing list
> tor-relays at lists.torproject.org
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list