[tor-dev] Future Onion Addresses and Human Factors
Jeff Burdges
burdges at gnunet.org
Sun Aug 9 06:54:24 UTC 2015
> I did a
> rough calculation about a year ago of how much it would cost to buy
> ASIC miners that could 51%-attack Namecoin, and it came out to just
> under a billion USD.
Isn't the 51% attack down to a 20ish% attack now?
> Of course, a real-world attacker would (in my
> estimate) probably be more likely to try to compromise existing miners
> (via either technical attacks, extortion/blackmail/bribery, or legal
> pressure).
Isn't 50ish% controlled by one organization already Is it not a
particularly tight not organization or something?
Isn't the real world attack that you simply isolate a namecoin user from
the wider namecoin network? That's cheap for state level attackers.
I'd imagine OnioNS should have a massive advantage here because Tor has
pinned directory authorities, who presumably help OnioNS accurately
identify honest quorum servers.
> An end user will be much more likely to notice when a
> Namecoin or OnioNS name changes, compared to when a .onion name
> changes. So this isn't really a clear win for .onion -- it's a
> tradeoff, and which is more "secure" depends on which end users we're
> talking about, and what threat model we're dealing with.
This is false. Users must enter the .onion address from somewhere.
If they go through a search engine, then yes the .onion address itself
is hard to remember, especially if they visit many sites. Key poems
address this.
If however they employ bookmarks, copy from a file, etc., and roughly
proposal 244 gets adopted, then an attacker must hack the user's
machine, hack the server, or break a curve25519 public key.
Yes, a search engine covers .onion addresses should ask users to
bookmark desirable results, as opposed to revisiting the search engine,
mostly for the protection of the search engine.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20150809/dda51d15/attachment-0001.sig>
More information about the tor-dev
mailing list