[tor-talk] Facebook brute forcing hidden services

Alec Muffett alecm at fb.com
Fri Oct 31 12:35:50 UTC 2014

Hi - My name¹s Alec, I work for Facebook and am the team lead for Facebook
over Tor.

Long story short: details will come out later, but we just did the same
thing as everyone else: generated a bunch of keys with a fixed lead prefix
("facebook") and then went fishing looking for good ones.

I feel that we got tremendous lucky.

    - alec

On 10/31/14, 5:23 AM, "Mike Cardwell" <tor at lists.grepular.com> wrote:

>So Facebook have managed to brute force a hidden service key for:
>If they have the resources to do that, what's to stop them brute
>forcing a key for any other existing hidden service?
>Mike Cardwell  
>OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
>XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4

More information about the tor-talk mailing list