[tor-relays] hi-jacking an onion address

Toralf Förster toralf.foerster at gmx.de
Sat Oct 14 07:47:06 UTC 2017


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On 10/14/2017 09:41 AM, Jacki M wrote:
> Look at the Tor Rendezvous Specification rend-spec-v3.txt
> <https://gitweb.torproject.org/torspec.git/tree/rend-spec-v3.txt>, the
> onion addresses that a user enter are Self authenticating, Because the
> onion address is the public key of the hidden service. 
> Roger explains this in the DEF CON talk
> here https://youtu.be/Di7qAVidy1Y?t=1124
> Thx for the links.

My questions goes rather in the direction that by this a malicious Toir could catch all the traffic designed for the other Tor - even without encrypting it - and therefore dry-ing out that Tor.

- -- 
Toralf
PGP C4EACDDE 0076E94E
-----BEGIN PGP SIGNATURE-----

iI0EAREIADUWIQQaN2+ZSp0CbxPiTc/E6s3eAHbpTgUCWeHA+hccdG9yYWxmLmZv
ZXJzdGVyQGdteC5kZQAKCRDE6s3eAHbpTmLVAP45rHAQqOKrEO0c6RkLMAfq4xNC
oxMXRYmdeup757OVegD+MjrxzuC2H07Nw5LkjzLFdVSzFd9cvoIundDDavyLLIw=
=XkCV
-----END PGP SIGNATURE-----


More information about the tor-relays mailing list