questions about hidden service hashes, and experiences running hidden services

Mike Perry mikepery at fscked.org
Sat Oct 15 23:28:24 PDT 2005

Thus spake loki tiwaz (loki_tiwaz at hotmail.com):

> Now, to the question which concerns me. I read in the Tor spec that the
> hidden service address is an SHA1 hash of the server public key. I'm not
> sure if anyone here is aware of this (but I seriously doubt it) - SHA1 is
> now no longer secure. If the public key were equal or shorter than the
> length of the hash, this would mean that the hidden service .onion address
> could be cracked and the public key discovered, and the public key would
> then be able to be searched in the directory and the ip address revealed. I
> apologise if this is a question that has already been covered, my reading
> of the specs was not deep although I looked some ways, I couldn't discern
> whether the possibility of inverting the hash and identifying the IP
> through the directory was a possibility, so I thought I'd ask the list and
> see if anyone can answer this question. I realise that if the data used to
> generate a hash with an insecure function is longer than the hash produced
> that there is no issue. I just want to be sure about the security of the
> hidden services before I go announcing the address any further than here
> without knowing if giving this address is going to compromise my IP address
> - cos that would defeat the purpose of doing it at all.

A couple of points. First, unless I've fallen behind, SHA1 is only
broken to the point where you can generate two different arbitrary
datum and have them result in the same hash. This is not the same as
being able to "undo" SHA, or to even determine an arbitrary collision
to a fixed hash. Unless I've missed something.

Second, even if this were the case, the hidden service is supposedly
only listed with the introduction points that the service connected to
through Tor. Assuming Tor remains unbroken, these Intro Points cannot
reveal the hidden service IP, and the public key of the hidden service
is not secret information anyway.

Here are some slides that illustrate the process of connecting to a
hidden service: http://www.freehaven.net/~arma/wth3.pdf

The one thing I would advise against is running your hidden service on
the same IP as your Tor server (or at least do not announce this
fact). This can leave you vulnerable to an intersection attack, where
the attacker keeps track of uptime of your hidden service and compares
it to uptime stats of the various Tor servers. You only have 300-some
nodes to hide among.


Incidentally, I would like to know exactly which directory server listing
hidden services are published in. I don't see any of them in
http://belegost.seul.org/ for example..


--
Mike Perry
Mad Computer Scientist
fscked.org evil labs

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

More information about the cypherpunks-legacy mailing list