Changes between Version 10 and Version 11 of doc/HiddenServiceNames


Ignore:
Timestamp:
Apr 23, 2010, 10:49:23 AM (9 years ago)
Author:
trac
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • doc/HiddenServiceNames

    v10 v11  
    1515If you decide to run a hidden service Tor generates an [http://en.wikipedia.org/wiki/RSA RSA-1024] keypair. The .onion name is computed as follows: first the [http://en.wikipedia.org/wiki/SHA_hash_functions SHA1] hash of the [http://en.wikipedia.org/wiki/Distinguished_Encoding_Rules DER]-encoded [http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One ASN.1] public key is calculated. Afterwards the first half of the hash is encoded to [http://en.wikipedia.org/wiki/Base32 Base32] and the suffix ".onion" is added. Therefore .onion names can only contain the digits 2-7 and the letters a-z and are exactly 16 characters long.
    1616
    17 [#HowCreated [#]]
     17[#HowCreated [link]]
    1818
    1919
     
    2121== Why are .onion names created that way? ==
    2222
    23 The reason for using cryptic fingerprints instead of human-readable names is described in [http://zooko.com/distnames.html Zooko's Distnames]: they're self-authenticating. If a client wants to connect to a hidden service he asks the directory services for the .onion name's service descriptor which includes it's public key. If the hash of the public key matches the .onion name, the client can be sure it is will encrypt data for the right hidden service.
     23The reason for using cryptic fingerprints instead of human-readable names is described in [http://zooko.com/distnames.html Zooko's Distnames]: they are self-authenticating. If a client wants to connect to a hidden service he asks the directory services for the .onion name's service descriptor which includes its public key. If the hash of the public key matches the .onion name, the client can be sure it will encrypt data for the right hidden service.
    2424
    2525"Zooko's Triangle" which is discussed in Stiegler's [http://www.skyhunter.com/marcs/petnames/IntroPetNames.html Petname Systems] argues that names cannot be global, secure, and memorable at the same time. This means while being unique and secure, .onion names have the disadvantage that they cannot be not meaningful to humans.
    2626
    2727
    28 [#WhyCryptic [#]]
     28[#WhyCryptic [link]]
    2929
    3030
    3131[[Anchor(CompleteList)]]
    32 == Can i download a complete list of .onion names? ==
     32== Can i obtain a complete list of .onion names? ==
    3333
    3434No. Hidden services that want to be found should announce themselves on the [http://6sxoyfb3h2nvok2d.onion Hidden Wiki].
    3535
    36 [#CompleteList [#]]
     36[#CompleteList [link]]
    3737
    3838
     
    4242The output of SHA1 has a length of 160 bit. To make handling the URLs more convenient we only use the first half of the hash, so 80 bit remain. Taking advantage of the [http://en.wikipedia.org/wiki/Birthday_attack Birthday Attack], entropy can be reduced to 40 bit. That's why collisions could be found with moderate means. This is not a problem for Tor since all an attacker might be able to do is create two different public keys that match the same .onion name. He would not be able to impersonate already existing hidden services.
    4343
    44 [#Collisions [#]]
     44[#Collisions [link]]
    4545
    4646
     
    5050Names can be mimicked as described in Plasmoid's "[http://www.thc.org/papers/ffp.html Vulnerabilities in the Human Brain]". Here is how it works: many people cannot remember the whole .onion hash, nor did they write it down somewhere. Therefore they only check the first and last couple of characters and then assume it is alright.
    5151
    52 This issue has been first exploited for SSH fingerprints but can be adopted to Tor hidden services easily. E.g. the first seven characters of a specific .onion name can be computed within a day on a standard PC using programs like [http://torlandypjxiligx.onion/src/onionhash/ OnionHash]. Imagine an attacker creates a .onion name that looks similar to that one of [http://zfp44lbek54utuch.onion/ TorMail] and replaces it's hyperlink on the Hidden Wiki. How long would it take until someone would recognize?
     52This issue has been first exploited for SSH fingerprints but can be adopted to Tor hidden services easily. E.g. the first seven characters of a specific .onion name can be computed within a day on a standard PC using programs like [http://torlandypjxiligx.onion/src/onionhash/ OnionHash]. Imagine an attacker creates a .onion name that looks similar to that one of [http://zfp44lbek54utuch.onion/ TorMail] and replaces its hyperlink on the Hidden Wiki. How long would it take until someone would recognize?
    5353
    54 There's a proof-of-concept implementation for mimicked hidden services at the [http://6sxoyfb3h2nvok2d.onion/tor/TheFakeWiki Fake Wiki].
     54There is s a proof-of-concept implementation for mimicked hidden services at the [http://6sxoyfb3h2nvok2d.onion/tor/TheFakeWiki Fake Wiki].
    5555
    5656These days most people know that it is important to check the correctness of SSH or GPG fingerprints, but there is not much awareness for .onion names yet. As a counter-measure you should bookmark hidden services that need to be trusted instead of just following hyperlinks everyone can edit.
    5757
    58 [#Attacks [#]]
     58[#Attacks [link]]