Encryption over Hidden Services

Robert Ransom rransom.8774 at gmail.com
Fri Aug 6 13:00:12 UTC 2010 

On Fri, 6 Aug 2010 03:07:12 -0700
Mike Perry <mikeperry at fscked.org> wrote:

> In the real world, it is disturbingly practical to compute .onion urls
> that have a significantly large number of characters in common with an
> arbitrary target url, in arbitrary positions of the url.
> 
> There was a program called 'shallot' which optimized hidden service
> key generation to accomplish exactly this using THC's Fuzzy
> Fingerprint technique. It seems to exist only in rumor and legend
> these days, but if you would like an arbitrary snapshot of the code
> that calls itself 0.0.1, I can post it somewhere.

http://taswebqlseworuhc.onion/

> It was originally created for the sake of creating vanity .onion urls.
> However, the author optimized it far enough so that the hash could
> have something like 8 characters in common with a target .onion url,
> in either the prefix, or the suffix, or both, with just a few
> machine-days of computation. Their implementation also only created
> "strong" RSA keys for the resulting .onion urls. If they allowed weak
> key generation for their targets, much more optimization was possible
> (and if your goal is to deceive a user into visiting or chatting with
> your spoofed hidden service, why not use weak keys?).

From the README file for version 0.0.3:

| On my 1.5GHz x86-machine, I get about 500k hashes/sec.
| +---------------------------------------------+
| | chars | ~number of tries | ~time @ 500 KH/s |
  [snip]
| |     6 |      32^6  =  1g |           30 min |
| |     7 |      32^7  = 32g |            1 day |
| |     8 |      32^8  =  1t |          25 days |
| |     9 |      32^9  = 32t |        2.5 years |

Also, it can search for keys whose hashes match an arbitrary regular
expression, not just keys whose hashes have specified characters at the
beginning and end.

Robert Ransom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20100806/941c99ac/attachment.pgp>

More information about the tor-dev mailing list