Re: [tor-talk] onion routing MITM

2016-01-26 Thread Flipchan
Try to put up a server and run it through Tor, and then generate a key with scallion,
for example https://github.com/lachesis/scallion, or your favorite programming
language.

a55de...@opayq.com wrote: (26 January 2016 19:37:24 CET)
>A CA will not validate a '.onion' address since it's not an official
>TLD approved by ICANN. The numbers aren't random. From Wikipedia:
>
>"16-character alpha-semi-numeric hashes which are automatically
>generated based on a public key when a hidden service is configured.
>These 16-character hashes can be made up of any letter of the
>alphabet, and decimal digits from 2 to 7, thus representing an 80-bit
>number in base32. It is possible to set up a human-readable .onion URL
>(e.g. starting with an organization name) by generating massive
>numbers of key pairs (a computational process that can be
>parallelized) until a sufficiently desirable URL is found."[2][3]
>
>Cheers,
>yodablue

-- 
Sincerely, Flipchan
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk


Re: [tor-talk] onion routing MITM

2016-01-26 Thread Coyo Stormcaller
On Tue, 26 Jan 2016 18:31:50 +0000 (UTC) wrote:

> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with
> random looking names. Why is this? What if someone at
> thehiddenwiki.org registered a new .onion site (for example
> http://somerandomletters.onion), which then relayed traffic to
> duck-duck-go (http://3g2upl4pq6kufc4m.onion)? Thehiddenwiki could
> give me the link http://somerandomletters.org, and of course I would
> never know the difference between that and
> http://3g2upl4pq6kufc4m.onion

What?


Re: [tor-talk] onion routing MITM

2016-01-26 Thread Seth David Schoen
populationsteam...@tutanota.com writes:

> The question is: From a user perspective, http://3g2upl4pq6kufc4m.onion just 
> looks like random characters. (And in fact, if it's a hash of a public key, 
> which was originally randomly generated, then indeed these *are* random 
> characters). You obviously don't want to memorize a domain name such as this, 
> and as a human, you're very bad at recognizing the difference between 
> http://3g2upl4pq6kufc4m.onion and http://xmh57jrzrnw6insl.onion

In the Zooko's Triangle sense, Tor hidden service names are secure and
decentralized, but not human-meaningful (or human-memorable).

https://en.wikipedia.org/wiki/Zooko's_triangle

That is to say that Tor hasn't tried to solve the problem you mention
at all.  The answer seems to be that you're supposed to get the names
somewhere else and store them in something other than your human memory.
This is in common with a few other designs that use representations
of crypto keys directly (for example, PGP and Bitcoin) and where
someone could try to trick you into using a key that isn't really the
right one.  In the PGP example, someone has uploaded a fake key with my
name and e-mail address to the keyservers (several years ago), which has
already fooled a number of people because they couldn't or didn't readily
distinguish my real key from the fake key, both of which are just numbers
that someone on the Internet has claimed are relevant to contacting me.

If you have ideas for making this more convenient, I'm sure they would
be welcome.  Aaron Swartz proposed in 2011 that blockchains and related
systems could solve it by letting people publicly announce claims to
(human-memorable) names in an append-only log.

http://www.aaronsw.com/weblog/squarezooko

There are some implementations of related ideas, like okTurtles, but
none is extremely widely used yet.

> What prevents a person from registering a new .onion site, such as 
> http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to  
> http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that 
> *they* are actually the duckduckgo .onion site?

Indeed, Juha Nurmi described earlier today that people are doing exactly
that right now, probably with some success.

https://lists.torproject.org/pipermail/tor-talk/2016-January/040038.html

-- 
Seth Schoen  
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107


Re: [tor-talk] onion routing MITM

2016-01-26 Thread Paul Syverson
Probably should also have noted wrt the original question
that for people who use PGP/GPG there are things that can be done
now and onionsites that do make use of that. See
"Bake in .onion for Tear-free and Stronger Website Authentication"
https://github.com/saint/w2sp-2015/blob/master/SP_SPSI-2015-09-0170.R1_Syverson.pdf
for a description of both how people are using GPG now, and for
the situation and plans for certs in the future.

See also Juha Nurmi's related post to this list about booby trapped
onion sites.

aloha,
Paul


On Tue, Jan 26, 2016 at 02:04:54PM -0500, Paul Syverson wrote:
> This is false. 
> 
> First of all '.onion' is an officially recognized reserved top level
> domain according to IETF RFC 7686.
> 
> Second, a CA _will_ validate a .onion address, but only to provide an
> EV (extended validation) Cert. EV Certs are typically only
> had by big companies etc. Typical browsers represent an EV cert by
> showing the lock icon in green. Facebook and a couple of other entities
> do have certs for their .onion addresses. Most .onion site operators are
> likely to want DV (domain validation) certs, which are currently not
> permitted under the guidelines of the CA/Browser Forum.
> 
> That is the current state of things, which is different from how things
> were several months ago and will probably change again at some point.
> 
> aloha,
> Paul


Re: [tor-talk] onion routing MITM

2016-01-26 Thread populationsteamsir
26. Jan 2016 18:37 by a55de...@opayq.com:

> A CA will not validate a '.onion' address since it's not an official TLD
> approved by ICANN.

I understand that.

> The numbers aren't random. From Wikipedia:
> "16-character alpha-semi-numeric hashes which are automatically generated
> based on a public key <https://en.wikipedia.org/wiki/Public_key> when a
> hidden service
> <https://en.wikipedia.org/wiki/Tor_(anonymity_network)#Hidden_services>
> is configured.

I also know what asymmetric keys and hashes are.

The question is: From a user perspective, http://3g2upl4pq6kufc4m.onion just
looks like random characters. (And in fact, if it's a hash of a public key,
which was originally randomly generated, then indeed these *are* random
characters). You obviously don't want to memorize a domain name such as this,
and as a human, you're very bad at recognizing the difference between
http://3g2upl4pq6kufc4m.onion and http://xmh57jrzrnw6insl.onion

What prevents a person from registering a new .onion site, such as
http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to
http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that
*they* are actually the duckduckgo .onion site?

When you see a link like http://3g2upl4pq6kufc4m.onion somewhere on the web
(such as thehiddenwiki.org) why would you believe it's the real URL that
duckduckgo created, and not somebody doing a MITM?



Re: [tor-talk] onion routing MITM

2016-01-26 Thread Green Dream
> What prevents a person from registering a new .onion site, such as
> http://laobeqkdrj7bz9pq.onion and then relaying all its traffic to
> http://3g2upl4pq6kufc4m.onion, and trying to get people to believe that
> *they* are actually the duckduckgo .onion site?


Nothing.

> When you see a link like http://3g2upl4pq6kufc4m.onion somewhere on the
> web (such as thehiddenwiki.org) why would you believe it's the real URL
> that duckduckgo created, and not somebody doing a MITM?

Well, I'd query duckduckgo for its hidden service URL in the clearnet
first. If you just search "duckduckgo hidden service" on their clearnet
site, there's a magic/onebox answer with a link to the official onion site.
;-)

The larger point is valid though. I feel like this is actually a huge
problem with the current state of hidden services. Try figuring out which
.onion site is the "real" Hidden Wiki for example.

I'll admit I barely use hidden services for this very reason.


Re: [tor-talk] onion routing MITM

2016-01-26 Thread Seth David Schoen
populationsteam...@tutanota.com writes:

> I'm new to tor, trying to understand some stuff.
> 
> I understand the .onion TLD is not an officially recognized TLD, so it's not 
> resolved by normal DNS servers. The FAQ seems to say that tor itself resolves 
> these, not to an IP address, but to a hidden site somehow.
> 
> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with random 
> looking names. Why is this? What if someone at thehiddenwiki.org registered a 
> new .onion site (for example http://somerandomletters.onion), which then 
> relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)? 
> Thehiddenwiki could give me the link http://somerandomletters.org, and of 
> course I would never know the difference between that and 
> http://3g2upl4pq6kufc4m.onion

The hidden service name isn't chosen directly by the hidden service
operator and you can't just make one up and start using it.  Instead,
it's derived from the hidden service's cryptographic public key.
Tor checks that the public key matches when you're connecting to the
hidden service, so someone can't simply substitute their own service
without knowing the corresponding private key.

In effect, the crypto key is used as a name (or identifier), which
provides an intrinsic cryptographic way to know whether you're talking to
someone who has the right to use that name (or is properly referred to by
it), assuming hidden service operators can keep their private keys secret.

Somewhat confusingly, people do manage to make their hidden services
start with strings of their choice, but they do this by generating
enormous numbers of different keys over and over again until they get
one that they like.  Despite that, it takes an exponentially-increasing
number of attempts for each additional character of the onion name that
you want to control, so even if Facebook can get one that starts with
"facebook" (as they did), we don't tend to think anyone* has the time
or computational resources to be able to choose the entire onion name,
for example to choose one that matches an existing one controlled by
somebody else.  For instance, even if I had generated an onion name
beginning "3g2upl4", it would take me about 32 times as much work to get
one beginning "3g2upl4p", 1024 times as much work to get one beginning
"3g2upl4pq", 32768 times as much work to get one beginning "3g2upl4pq6",
and overall 35184372088832 times as much to get one that exactly matches
DuckDuckGo's onion name.

> Am I supposed to get the duckduckgo URL from a trusted friend of mine, and 
> then 
> always keep it?

Yes, or from DuckDuckGo's regular site.

https://duck.co/help/privacy/no-tracking


* The Bitcoin network is doing quite a bit more computation, in total,
  than this per year, so it's actually conceivable that someone with a
  very large amount of money to spend on custom hardware could do this.
  So the next generation of Tor hidden services will use a longer
  onion name.

-- 
Seth Schoen  
Senior Staff Technologist   https://www.eff.org/
Electronic Frontier Foundation  https://www.eff.org/join
815 Eddy Street, San Francisco, CA  94109   +1 415 436 9333 x107
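To make the key-to-name binding Seth describes concrete, here is an added worked example; it is not code from Seth, from the Tor Project, or from anyone on this thread. It assumes the v2 hidden-service derivation: the 16-character name is the first 80 bits of SHA-1 over the service's DER-encoded RSA public key, base32-encoded and lower-cased. The sample "keys" are constructed byte strings rather than real RSA keys, the function and variable names are hypothetical, and the work-factor arithmetic reproduces the 32 / 1024 / 32768 / 35184372088832 figures given above.

```python
import base64
import hashlib
import hmac

# Hypothetical helper names; the derivation itself follows the v2 onion
# service design: name = base32(SHA-1(DER public key)[:10]), lower-cased.
ONION_V2_LEN = 16  # 80 bits / 5 bits per base32 character


def onion_name_from_der(der_public_key: bytes) -> str:
    """Derive a v2 onion name (without ".onion") from DER public-key bytes:
    first 80 bits of SHA-1 over the DER blob, base32, lowercase."""
    digest = hashlib.sha1(der_public_key).digest()
    return base64.b32encode(digest[:10]).decode("ascii").lower()


def normalize(onion_name: str) -> str:
    """Accept "NAME", "name" or "name.onion"; return the bare lowercase name."""
    name = onion_name.strip().lower()
    if name.endswith(".onion"):
        name = name[: -len(".onion")]
    return name


def name_matches_key(onion_name: str, der_public_key: bytes) -> bool:
    """The client-side check: does the key the service presents hash to the
    name we asked for? A site that merely relays traffic never holds the
    genuine private key, so it cannot present a key that hashes to this name."""
    expected = onion_name_from_der(der_public_key)
    return hmac.compare_digest(expected, normalize(onion_name))


def attempts_to_control_prefix(prefix_len: int) -> int:
    """Expected number of random keys to try before one hashes to a chosen
    prefix: 32 symbols per character, so the cost grows 32x per character."""
    if not 0 <= prefix_len <= ONION_V2_LEN:
        raise ValueError("prefix length must be between 0 and 16")
    return 32 ** prefix_len


def extra_work_ratio(have_prefix: str, want_name: str) -> int:
    """Multiplier to go from a key matching have_prefix to one matching the
    longer want_name (e.g. from "3g2upl4" to the full DuckDuckGo name)."""
    have, want = normalize(have_prefix), normalize(want_name)
    if not want.startswith(have):
        raise ValueError("target does not extend the matched prefix")
    return 32 ** (len(want) - len(have))


def main() -> None:
    # Constructed sample "keys": real inputs are DER-encoded RSA public-key
    # blobs, but any two distinct byte strings show the point, which is that
    # the name is bound to the key bytes and nothing else.
    genuine_key = b"constructed sample key for the genuine service"
    impostor_key = b"constructed sample key for a relaying impostor"
    genuine = onion_name_from_der(genuine_key)
    impostor = onion_name_from_der(impostor_key)
    print("genuine name :", genuine + ".onion")
    print("impostor name:", impostor + ".onion")
    print("impostor key accepted for genuine name:",
          name_matches_key(genuine, impostor_key))
    for want in ("3g2upl4p", "3g2upl4pq", "3g2upl4pq6", "3g2upl4pq6kufc4m"):
        print(f"'3g2upl4' -> '{want}': {extra_work_ratio('3g2upl4', want):,}x work")


if __name__ == "__main__":
    main()
```

Run as a script, it shows two different keys yielding two different names and the impostor's key failing the check for the genuine name: a proxy that forwards traffic to DuckDuckGo gets a name of its own, not DuckDuckGo's, which is exactly why the name has to come from a trusted channel rather than from whichever directory lists it. Seth's footnote about longer names refers to what became v3 onion services, whose 56-character names are derived from an ed25519 public key, putting a full-name collision far beyond any prefix-search budget.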


Re: [tor-talk] onion routing MITM

2016-01-26 Thread Paul Syverson
This is false. 

First of all, '.onion' is an officially recognized reserved top level
domain according to IETF RFC 7686.

Second, a CA _will_ validate a .onion address, but only to provide an
EV (extended validation) Cert. EV Certs are typically only
had by big companies etc. Typical browsers represent an EV cert by
showing the lock icon in green. Facebook and a couple of other entities
do have certs for their .onion addresses. Most .onion site operators are
likely to want DV (domain validation) certs, which are currently not
permitted under the guidelines of the CA/Browser Forum.

That is the current state of things, which is different from how things
were several months ago and will probably change again at some point.

aloha,
Paul

On Tue, Jan 26, 2016 at 06:37:24PM +0000, a55de...@opayq.com wrote:
> A CA will not validate a '.onion' address since it's not an official TLD
> approved by ICANN. The numbers aren't random. From Wikipedia:
> 
> "16-character alpha-semi-numeric hashes which are automatically generated
> based on a public key when a hidden service is configured. These
> 16-character hashes can be made up of any letter of the alphabet, and
> decimal digits from 2 to 7, thus representing an 80-bit number in base32.
> It is possible to set up a human-readable .onion URL (e.g. starting with
> an organization name) by generating massive numbers of key pairs (a
> computational process that can be parallelized) until a sufficiently
> desirable URL is found."[2][3]
> 
> Cheers,
> yodablue


Re: [tor-talk] onion routing MITM

2016-01-26 Thread a55deaba
A CA will not validate a '.onion' address since it's not an official TLD
approved by ICANN. The numbers aren't random. From Wikipedia:

"16-character alpha-semi-numeric hashes which are automatically generated
based on a public key when a hidden service is configured. These
16-character hashes can be made up of any letter of the alphabet, and
decimal digits from 2 to 7, thus representing an 80-bit number in base32.
It is possible to set up a human-readable .onion URL (e.g. starting with
an organization name) by generating massive numbers of key pairs (a
computational process that can be parallelized) until a sufficiently
desirable URL is found."[2][3]

Cheers,
yodablue

On Tue, Jan 26, 2016 at 1:32 PM lists.torproject.org [Masked] wrote:

> I'm new to tor, trying to understand some stuff.
>
> I understand the .onion TLD is not an officially recognized TLD, so it's
> not resolved by normal DNS servers. The FAQ seems to say that tor itself
> resolves these, not to an IP address, but to a hidden site somehow.
>
> When I look at thehiddenwiki.org, I see a bunch of .onion sites, with
> random looking names. Why is this? What if someone at thehiddenwiki.org
> registered a new .onion site (for example http://somerandomletters.onion),
> which then relayed traffic to duck-duck-go (http://3g2upl4pq6kufc4m.onion)?
> Thehiddenwiki could give me the link http://somerandomletters.org, and of
> course I would never know the difference between that and
> http://3g2upl4pq6kufc4m.onion
>
> Without trusting a CA to validate a site name, what prevents MITM attacks?
> Am I supposed to get the duckduckgo URL from a trusted friend of mine, and
> then always keep it?