[tor-talk] Let's make Onion Addresses Meaningful To Humans

grarpamp grarpamp at gmail.com
Wed Feb 29 08:38:40 UTC 2012


Mostly a summary...


> http://tools.ietf.org/html/rfc1751

http://en.wikipedia.org/wiki/S/KEY
http://en.wikipedia.org/wiki/OPIE_Authentication_System
http://en.wikipedia.org/wiki/OTPW

These still work well for simple OTP systems.

The words are also simple English.


> http://www.sinic.name/docs/bachelor.pdf

This and the proposal in the subject seems interesting but using
entire dictionaries? Who knows how to spell some of them or what
they mean. That makes things harder for the mind.


> Namecoin, which supports mapping memorable .bit addresses to
> .onion addresses. In theory, the only way to seize/censor a .bit
> address is a 51% attack.

> Namecoin supports mapping names to Tor hidden services, as well
> as I2P and Freenet sites. Obviously you need to use a Namecoin
> implementation that's a proxy instead of a DNS server, but that's
> not a big deal (nmcsocks already implements this).

It seems conceivable that world governments may choose to dislike
*coin systems and inject their own processing power to dispel them.

How does the work needed to do that stack up against attacks on
any other distributed system, or Tor itself.


> Please consider that not everyone's native language is english.

Nor is everyone's language Greek, or ASCII, 8bit or wide.


> Why not just collect onion addresses in an encrypted file?

There are about 400 known onions online at the moment. Most of which
are listed on one or two known onions. Sure, there are concerns
with bookmarking or writing them down. For those people, googling
will get them to the lists.


> Where all the other sensitive files are, and updated as needed.

Maybe the distributed system would publish on announce and eventually
reach your .tor directory.

Note that this is not the same as torproject risking listing/promotion
any given .onion (or subset) as an intro point.


> You might want to look up how they did things before DNS was
> invented.

Yes, this.


> Hmm, What do you think? Should I post this to tor-dev?

What may be driving these sorts of threads is people don't necessarily
want name encoding schemes (after all 16.onion is one suitable way
for that), but vanity names.

Is there a good encoding scheme? Or more likely, failing that...

Which distributed vanity systems could resist say 80 bits worth of
attack energy? Or alternatively, whatever = (large) x (current world
cpu power).


More information about the tor-talk mailing list