Re: questions about hidden service hashes, and experiences running hidden services

User-Agent: Mutt/1.4.1i
Reply-To: or-talk@freehaven.net

Thus spake loki tiwaz (loki_tiwaz@hotmail.com):

A couple of points. First, unless I've fallen behind, SHA1 is only broken to the point where you can generate two different arbitrary datum and have them result to the same hash. This is not the same as being able to "undo" SHA, or to even determine an arbitrary collision to a fixed hash. Unless I've missed something.

Second, even if this were the case, the hidden service is supposedly only listed with the introduction points that the service connected to through Tor. Assuming Tor remains unbroken, these Intro Points cannot reveal the hidden service IP, and the public key of the hidden service is not secret information anyway.

Here are some slides that illustrate the process of connecting to a hidden service: http://www.freehaven.net/~arma/wth3.pdf

The one thing I would advise against is running your hidden service on the same IP as your Tor server (or at least do not announce this fact). This can leave you vulnerable to an intersection attack, where the attacker keeps track of uptime of your hidden service and compares it to uptime stats of the various tor servers. You only have 300-some nodes to hide among.

Incidentally, I would like to know exactly which directory server listing hidden services are published in. I don't see any of them in http://belegost.seul.org/ for example..

--
Mike Perry
Mad Computer Scientist
fscked.org evil labs

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
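
The distinction drawn in the first point of the message above, between producing any two colliding inputs and matching one fixed hash, shown as an added example that is not part of the original message. It assumes SHA-1 truncated to 16 bits (a constructed toy size so both searches finish quickly); the message strings and the stand-in key are made up for illustration.

```python
import hashlib
from itertools import count

BITS = 16  # constructed toy size; real SHA-1 output is 160 bits


def trunc_sha1(data: bytes, bits: int = BITS) -> int:
    """Top `bits` bits of SHA-1(data), as an integer."""
    digest = int.from_bytes(hashlib.sha1(data).digest(), "big")
    return digest >> (160 - bits)


def find_collision(bits: int = BITS):
    """Searcher picks BOTH inputs: any two messages with an equal hash.
    Birthday bound: about 2**(bits/2) hash evaluations."""
    seen = {}
    for i in count():
        msg = b"free-%d" % i
        h = trunc_sha1(msg, bits)
        if h in seen:
            return seen[h], msg, i + 1
        seen[h] = msg


def find_second_preimage(target: bytes, bits: int = BITS):
    """Searcher must match ONE fixed hash (e.g. a published key digest).
    Brute force: about 2**bits hash evaluations."""
    want = trunc_sha1(target, bits)
    for i in count():
        msg = b"forged-%d" % i
        if msg != target and trunc_sha1(msg, bits) == want:
            return msg, i + 1


if __name__ == "__main__":
    a, b, n_coll = find_collision()
    fixed = b"constructed stand-in for a service public key"
    forged, n_pre = find_second_preimage(fixed)
    print(f"collision after {n_coll} hashes (~2^{BITS // 2} expected)")
    print(f"second preimage after {n_pre} hashes (~2^{BITS} expected)")
```

The gap between the two counts grows exponentially with the hash width, which is why a collision result alone does not let anyone substitute a different key for an already-published digest.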