[tor-talk] Finally a Cloudflare captchas workaround thanks to next-gen onion services?

Alec Muffett alec.muffett at gmail.com
Mon Feb 20 10:19:23 UTC 2017

On 20 February 2017 at 09:45, Georg Koppen <gk at torproject.org> wrote:

> I don't think so as I don't see how next generation .onion services
> solve the underlying problem.

I believe they are referring to something which I have also heard from CA/B
Forum, regards SSL certificates.

There's a general perception in industry - with some justification - that

  SHA1 is bad.
  And current Onion addresses are based on SHA1.
  And they're only 80 bits, truncated SHA1.
  So current onion addresses are bad, too.
  Because a bad person could brute-force an 80 bit collision to hijack an
onion address.
  And that would be bad.
  Also, it would be way easier** than (say) social-engineering a CA to
issue a certificate to a fake or phishing site.
  Because that never** happens.

So: industry thinks that 80-bit cryptographic addresses are
brute-forceable, thus will not issue DV SSL certificates for them.  Instead
they will only permit EV certificates to be issued.

After all, having trivially** collided an 80-bit hash and set up your fake
Facebook Onion, you don't want some CA's automated
"URL-secret-cookie-reachability"-based certificate generator to blindly
issue an SSL certificate for the fake onion, thereby putting the SSL stamp
of approval on the site;  that would be bad.

Hence EV, which requires a more intimate relationship with the requester,
to mitigate this tremendous** security risk.

I suspect that the OP is pointing out that Prop224, with its 256-bit onion
addresses, will be much more resistant to brute force and therefore may be
more broadly acceptable to the trust/comms industry.


** your mileage may vary.


More information about the tor-talk mailing list