[tor-talk] onion routing MITM

populationsteamsir at tutanota.com populationsteamsir at tutanota.com
Tue Jan 26 18:31:50 UTC 2016


I'm new to tor, trying to understand some stuff.

I understand the .onion TLD is not an officially recognized TLD, so it's not 
resolved by normal DNS servers. The FAQ seems to say that tor itself resolves 
these, not to an IP address, but to a hidden site somehow.

When I look at thehiddenwiki.org, I see a bunch of .onion sites, with random 
looking names. Why is this? What if someone at thehiddenwiki.org registered a 
new .onion site (for example http://somerandomletters.onion), which then 
relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)? 
Thehiddenwiki could give me the link http://somerandomletters.org, and of 
course I would never know the difference between that and 
http://3g2upl4pq6kufc4m.onion

Without trusting a CA to validate a site name, what prevents MITM attacks? Am 
I supposed to get the duckduckgo URL from a trusted friend of mine, and then 
always keep it?


More information about the tor-talk mailing list