[messaging] Are vanity onion domains a good idea?

Philipp Winter phw at nymity.ch
Fri Oct 23 14:10:07 PDT 2015


The Tor network uses self-authenticating names for onion services, e.g.,
3g2upl4pq6kufc4m.onion.  These onion domains are difficult to recognise
and remember, which is one reason why some onion service providers
started generating vanity domains.  The idea is to keep generating key
pairs until the hash's prefix contains a desirable string.  Facebook got
a pretty good one with facebookcorewwwi.onion.

Attackers have now started to impersonate onion services by generating
onion domains whose prefix resembles the original.  An example is
DuckDuckGo's search engine:

Original:      3g2upl4pq6kufc4m.onion
Impersonation: 3g2up5afx6n5miu4.onion
               ^^^^^
Users who encounter an impersonated onion domain might mistakenly assume
it's the original because they recognise the prefix.  I worry that this
kind of phishing attack is particularly effective against vanity onion
domains because they might incentivise users disproportionately to only
verify the easily recognisable prefix.

As a result, I wonder if vanity onion domains raise more problems than
they solve.  Should onion domain generation be made deliberately slow to
render vanity onion domains and phishing attacks impractical?  Should we
provide browser-based tools to manage onion domains instead of treating
them like normal, memorable domains?

Thoughts?


More information about the Messaging mailing list