Delivery-Date: Fri, 31 Oct 2014 09:03:31 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.7 required=5.0 tests=BAYES_00,DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED,FREEMAIL_FROM,RCVD_IN_DNSWL_MED,RP_MATCHES_RCVD,T_DKIM_INVALID
	autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id 814651E0269;
	Fri, 31 Oct 2014 09:03:29 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id D93213187D;
	Fri, 31 Oct 2014 13:03:18 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id C6BEF31878
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 13:03:15 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at eugeni.torproject.org
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id zLgZH3cnehBp for <tor-talk@lists.torproject.org>;
 Fri, 31 Oct 2014 13:03:15 +0000 (UTC)
Received: from mail-pa0-x233.google.com (mail-pa0-x233.google.com
 [IPv6:2607:f8b0:400e:c03::233])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (not verified))
 by eugeni.torproject.org (Postfix) with ESMTPS id 881AB31876
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 13:03:15 +0000 (UTC)
Received: by mail-pa0-f51.google.com with SMTP id kq14so7628087pab.24
 for <tor-talk@lists.torproject.org>; Fri, 31 Oct 2014 06:03:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:in-reply-to:references:date:message-id:subject:from:to
 :content-type; bh=MvmJM7oNyMpnEEMUFtX/++bvbrw+fyl4CFCWyfrz8SU=;
 b=nL4m0IlUUQxz6yCRPesjR4H0Y6gvdqbo54/5o/QD0WeT4/GJX/knZQEFC7WSlh+iQx
 DnNLA0kaQebw0GH/YRBkPfrNAYj/up8wOMRw/CX5+89KpgZhSra5DEI6b7GFktNT9pqb
 av4ksYTi4I0iVBk2Dgeq8plyTjLKR/56k8lpWZK06E6tFCGPephhQ2J6rYYH/FEOBNvw
 1J3Y5DJBxhFllWijYU/iHlFYymlc4T0FjunmDvVXkv1B7HaS/r0Xz4zXdYmMk9HHwujD
 OcXx63XtpMGROiA/Vf/jrkDtNqBnyF+7Gud0IBBkadoMzpz7lQoEeKFcn/Ck5vNqDQ+w
 3BMQ==
MIME-Version: 1.0
X-Received: by 10.66.221.3 with SMTP id qa3mr24376431pac.63.1414760592948;
 Fri, 31 Oct 2014 06:03:12 -0700 (PDT)
Received: by 10.70.45.9 with HTTP; Fri, 31 Oct 2014 06:03:12 -0700 (PDT)
In-Reply-To: <20141031122302.GA5554@glue.grepular.com>
References: <20141031122302.GA5554@glue.grepular.com>
Date: Fri, 31 Oct 2014 09:03:12 -0400
Message-ID: <CAMCPh3ypnuWqaSds9anhQ0p29NerOpwwPrL1vn5BOJc20QWCZw@mail.gmail.com>
From: AntiTree <antitree@gmail.com>
To: tor-talk@lists.torproject.org
X-Content-Filtered-By: Mailman/MimeDel 2.1.15
Subject: Re: [tor-talk] Facebook brute forcing hidden services
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

There are a lot of tools out there that generate vanity hidden service
addresses. Facebook merely used something like Shallot [1], or they
purchased the hidden service address off of one of the domain brokers that
are hosted as a hidden service. Generating an address does not mean
cracking an address.

[1] https://github.com/katmagic/Shallot

On Fri, Oct 31, 2014 at 8:23 AM, Mike Cardwell <tor@lists.grepular.com>
wrote:

>
> https://www.facebook.com/notes/protect-the-graph/making-connections-to-facebook-more-secure/1526085754298237
>
> So Facebook have managed to brute force a hidden service key for:
>
> http://facebookcorewwwi.onion/
>
> If they have the resources to do that, what's to stop them brute
> forcing a key for any other existing hidden service?
>
> --
> Mike Cardwell  https://grepular.com https://emailprivacytester.com
> OpenPGP Key    35BC AF1D 3AA2 1F84 3DC3   B0CF 70A5 F512 0018 461F
> XMPP OTR Key   8924 B06A 7917 AAF3 DBB1   BF1B 295C 3C78 3EF1 46B4
>
> --
> tor-talk mailing list - tor-talk@lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>
>
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

