[tor-talk] Facebook brute forcing hidden services
Sam Pizzey
sam at pizzey.me
Fri Oct 31 12:53:49 UTC 2014
Indeed and I hope they share too - I didn't mean to imply any knowledge of
the incident, just explaining in plain language why brute forcing is
involved, to people who are confused.
On Fri, Oct 31, 2014 at 12:50 PM, s7r <s7r at sky-ip.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> On 10/31/2014 2:47 PM, Sam Pizzey wrote:
> > So called 'vanity' addresses are essentially a brute force -
> > generating tons of keys until you get one that starts with the
> > prefix you want. The difference is that 'bob1d8rhdu2h.onion' is a
> > lot less specific than facebookwwwi.onion - if Facebook can brute
> > force arbitrary strings like that, they can instead brute force,
> > say, <address of silk road>, or <address of David's hidden service>
> > and then impersonate it.
> >
>
> It is not that simple. What makes you think they generated exactly the
> URL facebookcorewwwi.onion completely? They need to show some more
> information about how they did it... There is also a chance that they
> took a very long time to generate facebook*.
>
> As I said, only they can tell us exactly.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.22 (MingW32)
>
> iQEcBAEBAgAGBQJUU4WfAAoJEIN/pSyBJlsRC14H/ApTNz7Zscd7sTGuUheVSZbU
> 7mTyyZc88KLiFi7O9sgQeUGNNnvR2V0AFdnwxeB25A8a/fbuFNnQraSrQANU6ja9
> huJw/IMWUUhHgpJR5IAjXagwA0d1KhsuZk6pJI3ajQrI+CGh91FmrcNsVCUN71sz
> 8upP6z8qzmx3jJTYeA9CCShfiCFgzoHCT6LP+BuLcBZ4F7qmtb2vtwlrwrJBrLmB
> l+Z03sch5/FpbmlfhataOb1/TjwlmHmZKACTILNCGVhEa1PnlJYmcc/d8wRwMDTw
> k6t0mna9CcKFA8P7Cbp1pDZUgXWXMAm8pOtcmzfAB/u8fmy+qlQLlIxAa/HtFNo=
> =zHRh
> -----END PGP SIGNATURE-----
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
More information about the tor-talk
mailing list