Delivery-Date: Tue, 26 Jan 2016 17:16:37 -0500
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-1.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY,
	URIBL_DBL_SPAM autolearn=no version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 3A80A1E0478;
	Tue, 26 Jan 2016 17:16:35 -0500 (EST)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 67F3138DB2;
	Tue, 26 Jan 2016 22:16:30 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 8902238D9D
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 22:16:26 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id Izbj6t4qjzmX for <tor-talk@lists.torproject.org>;
 Tue, 26 Jan 2016 22:16:26 +0000 (UTC)
Received: from mx1.riseup.net (mx1.riseup.net [198.252.153.129])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 571D938A66
 for <tor-talk@lists.torproject.org>; Tue, 26 Jan 2016 22:16:26 +0000 (UTC)
Received: from cotinga.riseup.net (unknown [10.0.1.164])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (Client CN "*.riseup.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.riseup.net (Postfix) with ESMTPS id 1CC431A21BE;
 Tue, 26 Jan 2016 22:16:23 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak;
 t=1453846583; bh=7GTsrYlMNM4JPhrSiHBCDzgy8IsA4b+zJ4FOj280rKA=;
 h=In-Reply-To:References:Subject:From:Date:To:From;
 b=Vai28/wYuGAfCZoZHCfGiqww7iBpFJU+57JecJSx62v/dni6tuocvsr6z57eqgDWJ
 V8Yi2zV3mn9Mjsh6QGlrySEzLx97odAWuKioHiRZWjzvn5i6xdYPXsX2U4EosQNzah
 7VglwvV3SOsACJABu3ob2zR32oVo25L7Pp17gNM8=
Received: from [127.0.0.1] (localhost [127.0.0.1])
 (Authenticated sender: flipchan) with ESMTPSA id E809F40133
User-Agent: K-9 Mail for Android
In-Reply-To: <CAG_xf59tGGQgLdH17gff7M8oYU96viXCWMgnnponfrNYr8dqJg@mail.gmail.com>
References: <K8zCB59--3-0@tutanota.com>
 <CAG_xf59tGGQgLdH17gff7M8oYU96viXCWMgnnponfrNYr8dqJg@mail.gmail.com>
MIME-Version: 1.0
From: Flipchan <flipchan@riseup.net>
Date: Tue, 26 Jan 2016 23:16:08 +0100
To: tor-talk@lists.torproject.org,a55deaba@opayq.com
Message-ID: <1BA3E952-0D1F-474E-A999-77B7F9229F3D@riseup.net>
X-Virus-Scanned: clamav-milter 0.98.7 at mx1.riseup.net
X-Virus-Status: Clean
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] onion routing MITM
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

Try to put up a server n run it throw tor and the generate a key with scallion for example https://github.com/lachesis/scallion , or ur favorite programming lang

a55deaba@opayq.com skrev: (26 januari 2016 19:37:24 CET)
>A CA will not validate a '.onion' address since it's not an official
>TLD
>approved by ICANN. The numbers aren't random. From Wikipedia:
>
>"16-character alpha-semi-numeric hashes which are automatically
>generated
>based on a public key <https://en.wikipedia.org/wiki/Public_key> when a
>hidden
>service
><https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services>
>is
>configured. These 16-character hashes can be made up of any letter of
>the
>alphabet, and decimal digits from 2 to 7, thus representing an 80-bit
>number in base32 <https://en.wikipedia.org/wiki/Base32>. It is possible
>to
>set up a human-readable .onion URL (e.g. starting with an organization
>name) by generating massive numbers of key pairs
><https://en.wikipedia.org/wiki/Public-key_cryptography> (a
>computational
>process that can be parallelized
><https://en.wikipedia.org/wiki/Parallelized>) until a sufficiently
>desirable URL is found."[2]
><https://en.wikipedia.org/wiki/.onion#cite_note-scallion-2>[3]
><https://en.wikipedia.org/wiki/.onion#cite_note-facebook_url-3>"
>
>Cheers,
>yodablue
>
>On Tue, Jan 26, 2016 at 1:32 PM lists.torproject.org [Masked]
><FWD-737QLY3MGNAYSQFGAHIDLIAC2AJOAZ4BKBNCRYADXAICEWBKGA4GYNTQE4MCKZVAFMRQA3BHMAEPUEBAAAQA====@
>opayq.com> wrote:
>
>>
>> --------------------------Blur (formerly
>> DoNotTrackMe)---------------------------
>> 
>> -------------------------By Abine--------------------------
>>
>>
>> I'm new to tor, trying to understand some stuff.
>>
>> I understand the .onion TLD is not an officially recognized TLD, so
>it's
>> not
>> resolved by normal DNS servers. The FAQ seems to say that tor itself
>> resolves
>> these, not to an IP address, but to a hidden site somehow.
>>
>> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with
>> random
>> looking names. Why is this? What if someone at thehiddenwiki.org
>> registered a
>> new .onion site (for example http://somerandomletters.onion), which
>then
>> relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)?
>> Thehiddenwiki could give me the link http://somerandomletters.org,
>and of
>> course I would never know the difference between that and
>> http://3g2upl4pq6kufc4m.onion
>>
>> Without trusting a CA to validate a site name, what prevents MITM
>attacks?
>> Am
>> I supposed to get the duckduckgo URL from a trusted friend of mine,
>and
>> then
>> always keep it?
>> --
>> tor-talk mailing list - tor-talk@lists.torproject.org
>> To unsubscribe or change other settings go to
>> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>>
>>
>-- 
>tor-talk mailing list - tor-talk@lists.torproject.org
>To unsubscribe or change other settings go to
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

-- 
Sincerly Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

