From: Alec Muffett <alecm@fb.com>
To: "tor-talk@lists.torproject.org" <tor-talk@lists.torproject.org>
Date: Fri, 31 Oct 2014 12:35:50 +0000
Message-ID: <D078CF97.816C%alecm@fb.com>
References: <20141031122302.GA5554@glue.grepular.com>
In-Reply-To: <20141031122302.GA5554@glue.grepular.com>
Subject: Re: [tor-talk] Facebook brute forcing hidden services

Hi - My name's Alec, I work for Facebook and am the team lead for Facebook
over Tor.

Long story short: details will come out later, but we just did the same
thing as everyone else: generated a bunch of keys with a fixed lead prefix
("facebook") and then went fishing looking for good ones.

I feel that we got tremendously lucky.

    - alec

On 10/31/14, 5:23 AM, "Mike Cardwell" <tor@lists.grepular.com> wrote:

>https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
>
>So Facebook have managed to brute force a hidden service key for:
>
>http://facebookcorewwwi.onion/
>
>If they have the resources to do that, what's to stop them brute
>forcing a key for any other existing hidden service?
>
>-- 
>Mike Cardwell  https://grepular.com/
>https://emailprivacytester.com/
>OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
>XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
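
Added example, not part of either message: a Python sketch comparing the cost of matching a chosen 8-character prefix with the cost of matching an existing 16-character address, which is the gap behind the question quoted above. It relies on the v2 onion address format (base32 of the first 80 bits of SHA-1 over the DER-encoded RSA public key); the function names and the stand-in "keys" are constructed for illustration.

```python
import base64
import hashlib


def onion_v2_label(pubkey_der: bytes) -> str:
    """Label of a v2 onion address: base32 of the first 80 bits of
    SHA-1 over the DER-encoded RSA public key (16 characters)."""
    digest = hashlib.sha1(pubkey_der).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def expected_keys(matched_chars: int) -> int:
    """Average number of random keys tried before `matched_chars`
    leading base32 characters (5 bits each) match a chosen string."""
    return 32 ** matched_chars


def work_factor_gap(prefix: str, full_label: str) -> int:
    """How many times more keys a full-label match needs than a prefix match."""
    return expected_keys(len(full_label)) // expected_keys(len(prefix))


def find_prefix(prefix: str, max_tries: int):
    """Toy search over constructed byte strings standing in for public keys.
    These are not RSA keys; only the hash-and-compare step is the same."""
    for tries in range(1, max_tries + 1):
        candidate = b"constructed-stand-in-key-%d" % tries
        label = onion_v2_label(candidate)
        if label.startswith(prefix):
            return tries, label
    return None


if __name__ == "__main__":
    # A 2-character prefix needs about 32**2 = 1024 candidates on average.
    print("toy search for 'fb':", find_prefix("fb", 200_000))
    # 8 chosen characters: 2**40 keys on average.
    print("8-char prefix :", expected_keys(8))
    # All 16 characters of an existing address: 2**80 keys on average.
    print("16-char label :", expected_keys(16))
    print("gap           :", work_factor_gap("facebook", "facebookcorewwwi"))
```

Each extra matched character multiplies the expected work by 32, so matching all 16 characters of an existing address costs 2**40 times more than matching an 8-character prefix.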
