[tor-talk] Facebook brute forcing hidden services

[Sam Pizzey]

So called 'vanity' addresses are essentially a brute force - generating
tons of keys until you get one that starts with the prefix you want. The
difference is that 'bob1d8rhdu2h.onion' is a lot less specific than
facebookwwwi.onion - if Facebook can brute force arbitrary strings like
that, they can instead brute force, say, <address of silk road>, or
<address of David's hidden service> and then impersonate it.