Date: Fri, 31 Oct 2014 12:50:21 +0000
From: Mike Cardwell <tor@lists.grepular.com>
To: tor-talk@lists.torproject.org
Message-ID: <20141031125021.GA6236@glue.grepular.com>
References: <20141031122302.GA5554@glue.grepular.com>
 <5453828B.2060401@mozilla.com> <54538361.20300@riseup.net>
 <5453843E.30500@mozilla.com>
MIME-Version: 1.0
In-Reply-To: <5453843E.30500@mozilla.com>
Subject: Re: [tor-talk] Facebook brute forcing hidden services
Content-Type: multipart/mixed; boundary="===============0731660274388879664=="


--===============0731660274388879664==
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="6c2NcOVqGQ03X4Wi"
Content-Disposition: inline


--6c2NcOVqGQ03X4Wi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

* on the Fri, Oct 31, 2014 at 01:44:46PM +0100, David Rajchenbach-Teller wrote:

>> tl;dr You can now log into facebook via a Hidden Service.
>>
>> -T
>
> That's the part I understood. The part I didn't understand is how this
> is related to bruteforcing.

You don't get to pick the ".onion" address. It is derived from the key
you randomly generated.

However, you can just keep generating keys over and over again until
you get one that matches what you want. People have been doing this
to choose their own prefixes for a while now, but this is the first
time I've seen somebody generate a full string of their own choosing.

If facebook can do that, then so can GCHQ and NSA. And if they can
do that, they can brute force a key which matches the .onion address
of any existing hidden service. So they can then MITM hidden services.

I don't think I'm being dramatic when I say this proves that Tor
hidden services are now completely broken. I'd like somebody to
show me that I'm wrong for some reason though...

-- 
Mike Cardwell  https://grepular.com https://emailprivacytester.com
OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4

--6c2NcOVqGQ03X4Wi--

--===============0731660274388879664==--
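
Added example, not part of the original message: the address derivation the message refers to, as it worked for the 16-character .onion addresses in use in 2014 (base32 of the first 80 bits of the SHA-1 of the DER-encoded public key), and how the expected number of keys to try grows with the number of characters fixed. Random byte strings stand in for real RSA public keys, and the 1e9 keys/s rate is a constructed figure; both are assumptions.

```python
import base64
import hashlib
import random

ONION_BITS = 80      # address = first 80 bits of SHA-1(public key)
BITS_PER_CHAR = 5    # base32 encodes 5 bits per character


def onion_v2_address(der_public_key: bytes) -> str:
    """base32 of the first 10 bytes of SHA-1 over the DER-encoded key."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:ONION_BITS // 8]).decode("ascii").lower()


def expected_attempts(fixed_chars: int) -> int:
    """Average number of fresh keys needed to fix the first N characters."""
    if not 0 <= fixed_chars <= ONION_BITS // BITS_PER_CHAR:
        raise ValueError("this address format has 16 characters")
    return 2 ** (BITS_PER_CHAR * fixed_chars)


def search_prefix(prefix: str, seed: int = 1, limit: int = 2_000_000):
    """Try stand-in keys until the derived address starts with `prefix`.

    Random 140-byte strings stand in for DER-encoded RSA-1024 public keys
    (assumption, keeps the example dependency-free); the cost is governed
    by the hash output, not by the key contents.
    """
    rng = random.Random(seed)
    for attempts in range(1, limit + 1):
        stand_in_key = rng.getrandbits(140 * 8).to_bytes(140, "big")
        address = onion_v2_address(stand_in_key)
        if address.startswith(prefix):
            return address, attempts
    return None, limit


def years_at(keys_per_second: float, fixed_chars: int) -> float:
    """Expected search time in years at a given key-testing rate."""
    return expected_attempts(fixed_chars) / keys_per_second / (365.25 * 86400)


if __name__ == "__main__":
    address, attempts = search_prefix("tor")
    print(f"{address}.onion after {attempts} keys, expected {expected_attempts(3)}")
    for n in (8, 16):  # 1e9 keys/s is a constructed, illustrative rate
        print(f"{n} chars: {expected_attempts(n):.3e} keys, {years_at(1e9, n):.3e} years")
```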

