Delivery-Date: Fri, 31 Oct 2014 08:32:37 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 3BF001E01B5;
	Fri, 31 Oct 2014 08:32:36 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 5E2B831560;
	Fri, 31 Oct 2014 12:32:32 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 10D063155C
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 12:32:29 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id WBcroyOiVs7K for <tor-talk@lists.torproject.org>;
 Fri, 31 Oct 2014 12:32:28 +0000 (UTC)
X-Greylist: delayed 530 seconds by postgrey-1.34 at eugeni;
 Fri, 31 Oct 2014 12:32:28 UTC
Received: from glue.grepular.com (glue.grepular.com
 [IPv6:2001:470:1f09:450:731f:e912:44e3:1001])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mx1.grepular.com",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id C2A9431539
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 12:32:28 +0000 (UTC)
Received: by glue.grepular.com (Postfix, from userid 1006)
 id F0AEE38A23A6; Fri, 31 Oct 2014 12:23:02 +0000 (GMT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=lists.grepular.com;
 s=glue2; t=1414758183;
 bh=W9xOc8jpYKQInCQDfiZ0cvkYVtslRp64IktbP0mcqQk=;
 h=Date:From:To:Subject:From;
 b=CBWyu1Z9Gxenj407WLQYbTsv/dWepLIxzauiH+oXgJglk6CzIXOtmEYFhutinQDES
 sMV3soKVXFIkyDbxayDAN/tES8UIKdgD97AiRAhdzdCAgEYkGeVmQHAizIEoDKWzkC
 KAJw8YWwCqZVuOc/ZFx5NuHderBAagPLw8AEvObU=
X-RR: <iframe width='420' height='315'
 src='//www.youtube.com/embed/dQw4w9WgXcQ?autoplay=1' frameborder='0'
 allowfullscreen></iframe>
Date: Fri, 31 Oct 2014 12:23:02 +0000
From: Mike Cardwell <tor@lists.grepular.com>
To: tor-talk@lists.torproject.org
Message-ID: <20141031122302.GA5554@glue.grepular.com>
MIME-Version: 1.0
Subject: [tor-talk] Facebook brute forcing hidden services
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: multipart/mixed; boundary="===============8494174203662106848=="
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>


--===============8494174203662106848==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="a8Wt8u1KmwUX3Y2C"
Content-Disposition: inline


--a8Wt8u1KmwUX3Y2C
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

https://www.facebook.com/notes/protect-the-graph/making-connections-to-face=
book-more-secure/1526085754298237

So Facebook have managed to brute force a hidden service key for:

http://facebookcorewwwi.onion/=20

If they have the resources to do that, what's to stop them brute
forcing a key for any other existing hidden service?

--=20
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4

--a8Wt8u1KmwUX3Y2C
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature

-----BEGIN PGP SIGNATURE-----

iQGGBAEBCgBwBQJUU38mMBSAAAAAACAAB3ByZWZlcnJlZC1lbWFpbC1lbmNvZGlu
Z0BwZ3AuY29tcGdwbWltZTgUgAAAAAAVABpwa2EtYWRkcmVzc0BnbnVwZy5vcmdt
aWtlLmNhcmR3ZWxsQGdyZXB1bGFyLmNvbQAKCRCdJiMBwdHnBG+4B/sGk4kDlLJs
bP7QDJ8HzKoGSFEOjHFZ8gXeRnmsZ3WXTZN5/RLCrz3HSzZsetuTYORCtVwk7UYr
w80tkBGDDfGWvlL2MA9n9coINtIWcwG0R6LQF96oUHEJdjkxDRPTHej/lJ1uoi8o
pbsDafjQ///8ZFDkmX3aHSed7TCcvAfaZF1a5LGyX3y3sOBar/+LC4NR3okpVkd8
KozhQnf0Gp3yHdmlatYvS9D5qRSqXuuL6jzqX1k3p3w4scgRGktxkW0n9wvkjz9T
0C5M46NglCvfAbGJfYcewMiR7ENWIdlkkPMZiHVOK6oMz6+09QBJI9gWtqZ9eiuH
gMwFaBOEJisq
=8F5a
-----END PGP SIGNATURE-----

--a8Wt8u1KmwUX3Y2C--

--===============8494174203662106848==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

--===============8494174203662106848==--

