[tor-talk] onion routing MITM

a55deaba at opayq.com a55deaba at opayq.com
Tue Jan 26 18:37:24 UTC 2016


A CA will not validate a '.onion' address since it's not an official TLD
approved by ICANN. The numbers aren't random. From Wikipedia:

"16-character alpha-semi-numeric hashes which are automatically generated
based on a public key <https://en.wikipedia.org/wiki/Public_key> when a
hidden service
<https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services>
is configured. These 16-character hashes can be made up of any letter of the
alphabet, and decimal digits from 2 to 7, thus representing an 80-bit
number in base32 <https://en.wikipedia.org/wiki/Base32>. It is possible to
set up a human-readable .onion URL (e.g. starting with an organization
name) by generating massive numbers of key pairs
<https://en.wikipedia.org/wiki/Public-key_cryptography> (a computational
process that can be parallelized
<https://en.wikipedia.org/wiki/Parallelized>) until a sufficiently
desirable URL is found."[2]
<https://en.wikipedia.org/wiki/.onion#cite_note-scallion-2>[3]
<https://en.wikipedia.org/wiki/.onion#cite_note-facebook_url-3>

Cheers,
yodablue

On Tue, Jan 26, 2016 at 1:32 PM lists.torproject.org [Masked]
<FWD-737QLY3MGNAYSQFGAHIDLIAC2AJOAZ4BKBNCRYADXAICEWBKGA4GYNTQE4MCKZVAFMRQA3BHMAEPUEBAAAQA====@opayq.com> wrote:

> I'm new to tor, trying to understand some stuff.
>
> I understand the .onion TLD is not an officially recognized TLD, so it's not
> resolved by normal DNS servers. The FAQ seems to say that tor itself resolves
> these, not to an IP address, but to a hidden site somehow.
>
> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with random
> looking names. Why is this? What if someone at thehiddenwiki.org registered a
> new .onion site (for example http://somerandomletters.onion), which then
> relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)?
> Thehiddenwiki could give me the link http://somerandomletters.org, and of
> course I would never know the difference between that and
> http://3g2upl4pq6kufc4m.onion
>
> Without trusting a CA to validate a site name, what prevents MITM attacks? Am
> I supposed to get the duckduckgo URL from a trusted friend of mine, and then
> always keep it?
>
>

