Delivery-Date: Tue, 05 Aug 2014 22:55:00 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
	RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id A3D6F1E0E6B;
	Tue,  5 Aug 2014 22:54:58 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 252A42F779;
	Wed,  6 Aug 2014 02:54:55 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 070072F418
 for <tor-talk@lists.torproject.org>; Wed,  6 Aug 2014 02:54:51 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id IsemaYk_aIYB for <tor-talk@lists.torproject.org>;
 Wed,  6 Aug 2014 02:54:50 +0000 (UTC)
Received: from orcus.persephoneslair.org (tor.persephoneslair.org
 [IPv6:2605:2700:0:17::4713:9bbb])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.persephoneslair.org",
 Issuer "persephoneslair.org CA (RSA-4096)" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id CCAD52EEC3
 for <tor-talk@lists.torproject.org>; Wed,  6 Aug 2014 02:54:50 +0000 (UTC)
Received: from dysnomia.persephoneslair.org ([85.182.164.202])
 by orcus.persephoneslair.org (8.14.7/8.14.7) with ESMTP id s762sjNN022931
 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK)
 for <tor-talk@lists.torproject.org>; Tue, 5 Aug 2014 19:54:47 -0700
Received: (from andrea@localhost)
 by dysnomia.persephoneslair.org (8.14.7/8.14.7/Submit) id s762scxB020726
 for tor-talk@lists.torproject.org; Tue, 5 Aug 2014 19:54:38 -0700
Date: Tue, 5 Aug 2014 19:54:38 -0700
From: Andrea Shepard <andrea@torproject.org>
To: tor-talk@lists.torproject.org
Message-ID: <20140806025438.GC31804@dysnomia.persephoneslair.org>
References: <20140805143135.GM1414@ix.home> <20140805175837.GN1414@ix.home>
 <53E12BE9.5020207@torproject.is>
MIME-Version: 1.0
In-Reply-To: <53E12BE9.5020207@torproject.is>
User-Agent: Mutt/1.5.21 (2010-09-15)
Subject: Re: [tor-talk] dutch police crawling hidden servers
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============1751563842505977833=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============1751563842505977833==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="p2kqVDKq5asng8Dg"
Content-Disposition: inline


--p2kqVDKq5asng8Dg
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Aug 05, 2014 at 03:09:29PM -0400, Andrew Lewman wrote:
> On 08/05/2014 01:58 PM, Rejo Zenger wrote:
> > How would they have done that? Of course, there are wiki's listing=20
> > hidden services, but they are most likely far from complete and I=20
> > wouldn't expect websites with hardcore child abuse to be "advertised"=
=20
> > there. So, what do you think this crawler did?
>=20
> Unfortunately, the hardcore sites are/were advertised on one of the 20+
> hidden wikis which exist at any time. The press and police only seem to
> find these sites and assume everything is just this set. There are
> seriously 20+ hidden wikis, each one claiming to be the
> original/canonical wiki.
>=20
> Given the resources of a national police force, it seems probable they
> can create a crawler to simply crawl every permutation of hidden service
> addresses on port 80 alone.
>=20
> Of course, it's easier to crawl the 20+ hidden wikis and go from there.

I seriously doubt anyone is going to be crawling the 80-bit space of HS
key hashes by brute force like that.  They'll be running some sort of
enumeration attack to gather the descriptors or a web crawler.

--=20
Andrea Shepard
<andrea@torproject.org>
PGP fingerprint (ECC): BDF5 F867 8A52 4E4A BECF  DE79 A4FF BC34 F01D D536
PGP fingerprint (RSA): 3611 95A4 0740 ED1B 7EA5  DF7E 4191 13D9 D0CF BDA5

--p2kqVDKq5asng8Dg
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20-ecc (GNU/Linux)

iKEEARMKAAYFAlPhmO0ACgkQCqXGPswvBxJygwIJAY2ZsW3tez89PH6P3rJLNkcz
xJQgag1tAKcIvlfGLuNNTaFDvpaohFQsXPJjLYV5go80RObe/ucCaRhXzPxyNa1O
Agdlzx5DMpH0rYO531cLqEumzhRplMeglQiKAzqGheb2Kecix2fmCWgL9oT0BhIj
ApXfTlL4iGvRso3sqyQMWcxVeQ==
=blL4
-----END PGP SIGNATURE-----

--p2kqVDKq5asng8Dg--

--===============1751563842505977833==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============1751563842505977833==--

