[tor-talk] Choosing a name for a .onion

Gregory Maxwell gmaxwell at gmail.com
Thu Mar 29 23:48:51 UTC 2012


On Thu, Mar 29, 2012 at 6:47 PM, Adrian Crenshaw <irongeek at irongeek.com> wrote:
> Hi all,
>   I was under the impression that the .onion names for Tor Hidden Services
> were pseudo-random based on the public key. How was someone able to choose
> one/choose some character in one? As an example:
> http://silkroadvb5piz3r.onion (hope it is not against policy to post that
> link, only example I know. ) How did they choose the first 8 characters?

Using a brute force search tool like http://gitorious.org/shallot/shallot/

I'd advise against it— while I don't have a study to back me up I expect
'readable' names like that discourage good security practices— that
they cause people to use addresses (spread in that look like yours, perhaps)
without verifying the source— and when people do compare they are probably
more likely to just compare the readable parts.

Sure, the computation is a bit of a barrier— but it's easier for the
attacker (who may generate fake onions for many sites at once) than it
is for the defender.
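
An added example, not part of the original message: a check a client or bookmark tool could apply so that an address is accepted only when all 16 characters match a pinned entry, and a candidate that shares only the readable prefix is flagged as a lookalike. The addresses, the `PINNED` list and the function names are constructed for illustration.

```python
import re

# v2 onion labels, the kind discussed in this thread, are 16 base32 characters.
ONION_V2 = re.compile(r"[a-z2-7]{16}")

# Constructed sample: the addresses the user has verified out of band.
PINNED = ["examplevb5piz3ra", "marketzz42abcdef"]


def normalize(host):
    """Lower-case, drop a trailing '.onion', and validate the label."""
    label = host.strip().lower()
    if label.endswith(".onion"):
        label = label[: -len(".onion")]
    if not ONION_V2.fullmatch(label):
        raise ValueError(f"not a v2 onion label: {host!r}")
    return label


def shared_prefix_len(a, b):
    """Number of leading characters a and b have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def check_address(candidate, pinned=PINNED, min_lookalike=4):
    """Return (verdict, closest_pinned, shared_prefix_len).

    'match' requires all 16 characters to agree. A partial prefix match is
    reported as 'lookalike', never as a match: each base32 character is
    5 bits, so an n-character prefix costs a brute-force search about 32**n
    tries, far less than the full label.
    """
    label = normalize(candidate)
    closest = max(pinned, key=lambda p: shared_prefix_len(label, p))
    n = shared_prefix_len(label, closest)
    if label == closest:
        return ("match", closest, n)
    if n >= min_lookalike:
        return ("lookalike", closest, n)
    return ("unknown", None, n)
```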

