hidden services User-Agent: Mutt/1.4.1i Reply-To: or-talk@freehaven.net Thus spake loki tiwaz (loki_tiwaz@hotmail.com):

now, to the question which concerns me. I read in the tor spec that the hidden service address is an SHA1 hash of the server public key. I'm not sure if anyone here is aware of this (but i seriously doubt it) - SHA1 is now no longer secure. If the public key were equal or shorter than the length of the hash, this would mean that the hidden service .onion address could be cracked and the public key discovered, and the public key would then be able to be searched in the directory and the ip address revealed. I apologise if this is a question that has already been covered, my reading of the specs was not deep although i looked some ways, i couldn't discern whether the possibility of inverting the hash and identifying the IP through the directory was a possibility, so i thought i'd ask the list and see if anyone can answer this question. I realise that if the data used to generate a hash with an insecure function is longer than the hash produced that there is no issue. I just want to be sure about the security of the hidden services before i go announcing the address any further than here without knowing if giving this address is going to compromise my IP address - cos that would defeat the purpose of doing it at all.

A couple of points. First, unless I've fallen behind, SHA1 is only broken to the point where you can generate two different arbitrary datum and have them result to the same hash. This is not the same as being able to "undo" SHA, or to even determine an arbitary collision to a fixed hash. Unless I've missed something. Second, even if this were the case, the hidden service is supposedly only listed with the introduction points that the service connected to through Tor. Assuming Tor remains unbroken, these Intro Points cannot reveal the hidden service IP, and the public key of the hidden service is not secret information anyway. Here are some slides that illustrate the process of connecting to a hidden service: http://www.freehaven.net/~arma/wth3.pdf The one thing I would advise against is running your hidden service on the same IP as your Tor server (or at least do not announce this fact). This can leave you vulnerable to an intersection attack, where the attacker keeps track of uptime of your hidden service and compares it to uptime stats of the various tor servers. You only have 300-some nodes to hide among. Incidentally, I would like to know exactly which directory server listing hidden services are published in. I don't see any of them in http://belegost.seul.org/ for example.. -- Mike Perry Mad Computer Scientist fscked.org evil labs ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE [demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]