[tor-bugs] #18191 [Core Tor/Tor]: .onion name collision
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sat Aug 13 15:00:26 UTC 2016
#18191: .onion name collision
--------------------------+--------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: reopened
Priority: Very High | Milestone:
Component: Core Tor/Tor | Version:
Severity: Critical | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
--------------------------+--------------------------
Changes (by cypherpunks):
* priority: Immediate => Very High
* status: closed => reopened
* resolution: duplicate =>
* severity: Blocker => Critical
Comment:
> This is not a problem for Tor since all an attacker might be able to do
is create two different public keys that match the same .onion name. He
would not be able to impersonate already existing hidden services.
> He would not be able to impersonate already existing hidden services.
Why not, is the public key cached somewhere? Does there take some kind of
decentralized registration of hidden services take place?
I find this highly unlikely because Hidden services can be created
instantly and thousands are created each month (?)
In order to cache or register every public key you'd need quite some disk
space.
Please don't just close this without proper explanation!
And simply use (way) more than 80 bits, and a different hash algorithm.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/18191#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list