
Re: [tor-talk] Giving Hidden Services some love



On 2015-01-02 15:55, s7r wrote:
> 
> .onion Tor Hidden Services _already provide end to end encryption
> and authentication_ when used with the default http. They are not 
> vulnerable to man in the middle attacks or hijacks. On top of this 
> primary layer of encryption, there are more crypto layers in the
> Tor circuits connecting a client to a hidden service.

Respectfully, I think many people are missing the point of why there
is interest in HTTPS for Tor hidden sites. I think it is generally for
authentication, not session encryption.

Facebook having a signed SSL certificate for their hidden service
reliably anchors it to their corporate identity, preventing phishing
attacks and giving users confidence.

Really, the phishing problem for hidden sites is very bad. Hidden site
addresses, even "vanity" ones, contain a lot of random hexadecimal
characters that no one looks at. This makes it very easy to get
someone to click to the wrong domain.

Using a "vanity" address should be considered a best practice against
this since it requires attackers to put computational power into
finding another address with the same first n characters, but it only
increases the cost of the attack. I suspect that on the whole it is
still easier than for non-hidden services since users not deceived by
facebook.com.sketchy.ru will likely still be deceived by
facebook[differenthexcharacters].onion.

I think this is a smaller risk profile for hidden services than open
internet websites since 1) users of hidden services will tend to be
more security conscious (although easy-to-use tools like the browser
bundle make this less true than it used to be) and 2) users will not
generally expect to get emails etc. with links to hidden services. But
of course 2 depends on 1 to some extent.

Obviously this identity authentication is completely irrelevant when
the hidden site operator intends to remain anonymous, but some hidden
site operators, like Facebook, do not. They benefit from the strong
authentication that SSL provides and Tor's built-in encryption does not.

(Well, Tor's built-in encryption does provide reliable tying of a
hidden service to its address - but so does DNS in most practical
situations, the whole problem is that users do not check that the
hostname/hidden service key is exactly correct but will hopefully
respond better to their browser's SSL indicator)

Yes, the CA infrastructure is not the best solution to the
authentication problem, but it is the best solution that is
implemented in user agents right now, so I think it is obvious and
desirable that hidden service operators that wish to prove their
identity as a corporation or natural person will use it.

(note: here we are using measures like GPG to prove our identities to
any list members who care that much - because of the huge risk of
phishing ALL web users should care that much)

Jesse B. Crawford
Student, Information Technology
New Mexico Inst. of Mining & Technology

https://jbcrawford.us // jesse@jbcrawford.us
https://cs.nmt.edu/~jcrawford // jcrawford@cs.nmt.edu
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
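The exact-match check that the message above says users skip, written out as an added example (not part of the original post): a link's hostname is compared against addresses verified out of band, and a near miss that shares a leading prefix is flagged together with the work needed to generate that prefix. It assumes onion labels are base32 (16 or 56 characters from a-z and 2-7); the pinned address, the names `classify`, `prefix_search_cost` and `min_prefix` are constructed for illustration.

```python
import os.path
import re

# Constructed sample data: a made-up pinned address, not a real service.
PINNED = {"examplesvc2k7qwz.onion": "Example Corp"}

# Assumption: labels are base32, 16 characters (older) or 56 (newer).
ONION_RE = re.compile(r"^(?:[a-z2-7]{16}|[a-z2-7]{56})\.onion$")


def prefix_search_cost(n_chars):
    """Expected number of keys that must be generated to match the first
    n_chars of a target label (32 possible values per character)."""
    return 32 ** n_chars


def classify(host, pinned=PINNED, min_prefix=4):
    """Return (verdict, detail) for a hostname taken from a link.

    'pinned'    - exact match with an address verified out of band
    'lookalike' - not pinned, but begins like a pinned address
    'unknown'   - well-formed .onion name resembling nothing pinned
    'invalid'   - not a well-formed .onion hostname
    """
    host = host.strip().lower().rstrip(".")
    # Ignore subdomains: only the last two labels identify the service.
    host = ".".join(host.split(".")[-2:])
    if not ONION_RE.match(host):
        return ("invalid", None)
    if host in pinned:
        return ("pinned", pinned[host])
    label = host[:-len(".onion")]
    best, best_len = None, 0
    for good in pinned:
        n = len(os.path.commonprefix([label, good[:-len(".onion")]]))
        if n > best_len:
            best, best_len = good, n
    if best_len >= min_prefix:
        # Report which pinned name is imitated and what the prefix cost.
        return ("lookalike", (best, best_len, prefix_search_cost(best_len)))
    return ("unknown", None)
```

A matching 10-character prefix is reported as a lookalike with a cost of 32**10 key generations, which puts a number on the "only increases the cost" point for vanity addresses.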