[tor-talk] Facebook brute forcing hidden services

Mike Cardwell tor at lists.grepular.com
Fri Oct 31 12:50:21 UTC 2014


* on the Fri, Oct 31, 2014 at 01:44:46PM +0100, David Rajchenbach-Teller wrote:

>> tl;dr You can now log into facebook via a Hidden Service.
>> 
>> -T
> 
> That's the part I understood. The part I didn't understand is how this
> is related to bruteforcing.

You don't get to pick the ".onion" address. It is derived from the key
you randomly generated.

However, you can just keep generating keys over and over again until
you get one that matches what you want. People have been doing this
to choose their own prefixes for a while now, but this is the first
time I've seen somebody generate a full string of their own choosing.

If facebook can do that, then so can GCHQ and NSA. And if they can
do that, they can brute force a key which matches the .onion address
of any existing hidden service. So they can then MITM hidden services.

I don't think I'm being dramatic when I say this proves that Tor
hidden services are now completely broken. I'd like somebody to
show me that I'm wrong for some reason though...

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
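The search described in the message above, as an added example that is not code from this thread, from Tor, or from Facebook: a Tor v2 address is the first 80 bits of SHA-1 over the DER-encoded PKCS#1 RSAPublicKey, base32-encoded, which is why the only way to "choose" it is to try keys until the hash cooperates. The function names are my own; the shortcut of keeping the modulus fixed and walking the public exponent (so each candidate costs one SHA-1 rather than a fresh key pair) is the one vanity generators such as Shallot use; and the key size is 256 bits purely so the demo finishes in under a second, where real v2 service keys are 1024-bit RSA and a modulus this small offers no security at all. The caveat a practitioner wants is the cost curve `expected_candidates()` returns: each base32 character multiplies the work by 32, so an 8-character prefix costs about 2^40 hash evaluations and all 16 characters about 2^80.

```python
"""Vanity .onion search for Tor v2 hidden-service addresses (added example).

Assumptions, labelled here and in comments:
  - v2 address = base32(SHA1(DER(RSAPublicKey))[:10]).lower(), 16 characters.
  - Modulus stays fixed, public exponent e is walked (Shallot-style trick).
  - 256-bit demo keys for speed; real Tor v2 keys are 1024-bit RSA.
"""
import base64
import hashlib
import math
import random

BASE32_ALPHABET = "abcdefghijklmnopqrstuvwxyz234567"   # the only chars a v2 address can contain
SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47]


def der_length(n: int) -> bytes:
    """DER definite-length encoding: short form below 128, long form above."""
    if n < 128:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def der_integer(value: int) -> bytes:
    """DER INTEGER (tag 0x02); the +8 keeps a leading 0x00 when the top bit is set."""
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + der_length(len(body)) + body


def rsa_public_key_der(n: int, e: int) -> bytes:
    """PKCS#1 RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }."""
    body = der_integer(n) + der_integer(e)
    return b"\x30" + der_length(len(body)) + body


def onion_address(n: int, e: int) -> str:
    """Tor v2 service id: first 80 bits of SHA-1 over the DER key, lowercase base32."""
    digest = hashlib.sha1(rsa_public_key_der(n, e)).digest()[:10]
    return base64.b32encode(digest).decode("ascii").lower()   # 10 bytes -> 16 chars, no padding


def is_probable_prime(n: int, rng: random.Random, rounds: int = 32) -> bool:
    """Trial division by small primes, then Miller-Rabin with random bases."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits: int, rng: random.Random) -> int:
    """Random odd candidate with the top bit set, retried until probably prime."""
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def expected_candidates(prefix: str) -> int:
    """Average number of candidate keys to hit a given base32 prefix: 32^len."""
    return 32 ** len(prefix)


def find_vanity_onion(prefix: str, key_bits: int = 256, seed: int = 1,
                      max_candidates: int = 1_000_000) -> dict:
    """Fix one modulus, walk odd exponents e, hash each DER key until the prefix matches."""
    if not prefix or any(c not in BASE32_ALPHABET for c in prefix):
        raise ValueError("prefix must be non-empty and use only a-z and 2-7")
    rng = random.Random(seed)                     # seeded only so the demo is reproducible
    p = gen_prime(key_bits // 2, rng)
    q = gen_prime(key_bits // 2, rng)
    while q == p:
        q = gen_prime(key_bits // 2, rng)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    for tried in range(1, max_candidates + 1):
        if math.gcd(e, phi) == 1:                 # e must be invertible mod phi to be a valid key
            addr = onion_address(n, e)
            if addr.startswith(prefix):
                return {"onion": addr + ".onion", "n": n, "e": e,
                        "d": pow(e, -1, phi), "candidates": tried}
        e += 2
    raise RuntimeError("no match within max_candidates")


if __name__ == "__main__":
    hit = find_vanity_onion("tor")
    print(hit["onion"], "after", hit["candidates"], "candidates;",
          "expected about", expected_candidates("tor"))
    print("all 16 chars would need about 2^%d candidates"
          % expected_candidates("a" * 16).bit_length())
```

Running it with a three-character prefix takes a fraction of a second because only SHA-1 and DER encoding sit in the loop; the same loop with an eight-character prefix is the ~2^40-candidate job, and the `expected_candidates()` line for all sixteen characters is the ~2^80 figure that separates picking a prefix from matching someone else's full address.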