#23969: Scallion/cathugger attack on Tor ------------------------------+-------------------- Reporter: cypherpunks | Owner: (none) Type: defect | Status: new Priority: High | Milestone: Component: Core Tor/Tor | Version: Severity: Major | Keywords: Actual Points: | Parent ID: Points: | Reviewer: Sponsor: | ------------------------------+-------------------- A used scallion to search public key for "abcde*", and got "abcdeyyyyyyyyy.onion" A used it to host his website
B want to takedown A. B used scallion to search public key for "abcde*", and got "abcdeyyyyyyyyy.onion" This is a possible attack of Tor's hidden service. Unfortunately, V3 onion namesystem are already cracked: github.com/cathugger/mkp224o What can you do to stop this from happening? How can I block other people from generating my onion's hidden key? Why not add a protection? "If 2nd connection tried to connect with known hostname(B), deny it and raise error." -- Ticket URL: <https://trac.torproject.org/projects/tor/ticket/23969> Tor Bug Tracker & Wiki <https://trac.torproject.org/> The Tor Project: anonymity online
_______________________________________________ tor-bugs mailing list tor-bugs@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs