Technically, it's easier to crunch "something with the word facebook and otherwise consisting only of words, whether meaningful or not" than it is to spoof a desired address. That is, they could have crunched the above and resulted in a list like: elffacebookfarts.onion bottlefacebookerr.onion facebookifred.onion facebookcorewwwi.onion And of course, the last one is the best fit. Mind you, the entropy in onion addresses is a tad low, so it's been suggested before I believe that spoofing them isn't impossible in the long run..just hard. On 31/10/14 14:58, rysiek wrote:
Hi all,
so, you've probably seen this: http://venturebeat.com/2014/10/31/facebook-announced-it-is-now-providing-dir...
Apart from being torn about the move (good on Facebook to support TOR, but I don't really feel like praising Facebook for anything I guess), there are two WTFs here: https://facebookcorewwwi.onion/
1. HTTPS to TOR Hidden Service? Why? /that's the smaller one/
2. How did they get to control 15 characters (I assume the "i" was random) in the .onion address? That's a *LOT* of number crunching. If they are able to do this, it means they are able (or are very close to) bascially spoof *any* .onion address.
Am I missing something?