On Thu, Mar 29, 2012 at 6:47 PM, Adrian Crenshaw <[email protected]> wrote:
> Hi all,
> I was under the impression that the .onion names for Tor Hidden Services
> were pseudo-random based on the public key. How was someone able to choose
> one/choose some character in one? As an example:
> http://silkroadvb5piz3r.onion (hope it is not against policy to post that
> link, only example I know.) How did they choose the first 8 characters?

Using a brute force search tool like http://gitorious.org/shallot/shallot/

I'd advise against it— while I don't have a study to back me up I expect 'readable' names like that discourage good security practices— that they cause people to use addresses (spread in that look like yours, perhaps) without verifying the source— and when people do compare they are probably more likely to just compare the readable parts. Sure, the computation is a bit of a barrier— but it's easier for the attacker (who may generate fake onions for many sites at once) than it is for the defender.
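
The verification concern raised above, as an added example that is not part of the original thread: a check that compares a candidate address against a pinned one in full and flags addresses that only share the readable prefix. The derivation in `onion_v2_label` (base32 of the first 80 bits of the SHA-1 of the DER-encoded RSA public key) is the v2 hidden-service scheme; the function names, the `warn_at` threshold and both sample addresses are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re

V2_LABEL = re.compile(r"^[a-z2-7]{16}$")  # 80 bits as 16 base32 characters

def onion_v2_label(der_public_key: bytes) -> str:
    """Label of a v2 hidden service: base32(first 10 bytes of SHA-1(DER key))."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()

def normalize(address: str) -> str:
    """Reduce a URL or hostname to the bare 16-character label, or raise."""
    host = re.sub(r"^https?://", "", address.strip().lower()).split("/")[0]
    if host.endswith(".onion"):
        host = host[: -len(".onion")]
    if not V2_LABEL.match(host):
        raise ValueError(f"not a v2 onion label: {address!r}")
    return host

def shared_prefix_len(a: str, b: str) -> int:
    """Number of leading characters two labels have in common."""
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

def check_address(candidate: str, pinned: str, warn_at: int = 4) -> str:
    """Return 'match' only when all 16 characters agree.

    A candidate that differs but shares at least `warn_at` leading characters
    with the pinned address is reported as 'lookalike': the case where a
    reader comparing only the readable part would be fooled.
    """
    c, p = normalize(candidate), normalize(pinned)
    if hmac.compare_digest(c, p):
        return "match"
    if shared_prefix_len(c, p) >= warn_at:
        return "lookalike"
    return "different"

# Constructed sample addresses (not real services).
PINNED = "exampleab2cd3efg.onion"
LOOKALIKE = "exampleaz7yx6wvu.onion"  # same first 8 characters, different key

if __name__ == "__main__":
    for addr in (PINNED, LOOKALIKE, "abcdefghijklmnop.onion"):
        print(addr, "->", check_address(addr, PINNED))
```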
