[tor-talk] Finally a Cloudflare captchas workaround thanks to next-gen onion services?
grarpamp at gmail.com
Thu Feb 23 08:32:54 UTC 2017
On Tue, Feb 14, 2017 at 11:47 AM, Lolint <lolint at protonmail.com> wrote:
> One of the possible solutions that was mentioned earlier concerning Cloudflare captchas was generating .onion addresses automatically for sites on Cloudflare to make things easier all round. However, Cloudflare's CEO didn't want such a solution because "weak hash used by .onion means theoretical risk you can create collision on two addresses." https://twitter.com/eastdakota/status/710357574579650560
> Now that coming next-gen onion services will use stronger crypto that would eradicate the problem above, does that mean that we will finally see a workaround to Cloudflare's captchas?
The longest onion collision (match) I've seen actively deployed is a 10 char
prefix. That leaves headroom of about 2^29 on average, ie: at least a billion
times more work to actually generate a full collision, which isn't going
to happen, certainly not against whatever boring shit people are using
centralized onion services for... it'd be easier to find and own the service.
Finding even a simple numeric counter match to a randomly chosen 2^80
bitstring using 10k nodes @ 10GHz would take 192 years on average.
Being too tired at the moment to say these numbers are correct,
practically speaking, Cloudflare's excuse seems a bit invalid.
Be careful that the theory of some tomorrows distant,
doesn't hold you back from building today's needed
(and importantly, modularly updateable, systems) today.
Don't guess / depend on what a corp will do for you, it probably won't.
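
The arithmetic in the message above, as an added example that is not part of the original post: it derives a v2-style label (base32 of the first 80 bits of a SHA-1 digest), shows on a two-character prefix how prefix matching scales, and recomputes the 2^29 and 192-year figures. Assumptions: constructed byte strings stand in for RSA public keys, and each node tests one candidate per clock cycle.

```python
import base64
import hashlib

ONION_V2_BITS = 80                 # v2 label = first 80 bits of SHA-1(public key)
BITS_PER_CHAR = 5                  # base32 alphabet, 16 chars * 5 bits = 80 bits
SECONDS_PER_YEAR = 365.25 * 86400


def v2_style_address(key_bytes: bytes) -> str:
    """16-char base32 label from the first 10 bytes of SHA-1(key_bytes)."""
    digest = hashlib.sha1(key_bytes).digest()[:ONION_V2_BITS // 8]
    return base64.b32encode(digest).decode("ascii").lower()


def find_prefix(prefix: str, max_trials: int = 1_000_000):
    """Toy counter search over constructed inputs (not real RSA keys)."""
    for trial in range(1, max_trials + 1):
        addr = v2_style_address(b"constructed-key-%d" % trial)
        if addr.startswith(prefix):
            return addr, trial
    raise RuntimeError("no match within max_trials")


def average_trials(bits: int) -> int:
    """Average work for a counter search to hit one fixed value of `bits` bits."""
    return 2 ** (bits - 1)


def remaining_after_prefix(prefix_chars: int) -> int:
    """Average extra work to turn a prefix match into a full 16-char match."""
    return average_trials(ONION_V2_BITS - prefix_chars * BITS_PER_CHAR)


def years_to_match(bits: int, nodes: int, trials_per_node_per_sec: float) -> float:
    """Years for `nodes` machines to do the average work for `bits` bits."""
    return average_trials(bits) / (nodes * trials_per_node_per_sec) / SECONDS_PER_YEAR


if __name__ == "__main__":
    addr, trials = find_prefix("aa")          # 10 bits, cheap
    print(f"2-char prefix: {addr} after {trials} trials")
    print(f"10-char prefix leaves 2^29 = {remaining_after_prefix(10)} on average")
    print(f"80 bits, 10k nodes @ 10 GHz: {years_to_match(80, 10_000, 10e9):.0f} years")
```

Each additional matched character multiplies the work by 32, which is why a deployed 10-character prefix says little about the feasibility of a full 16-character match.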