[messaging] Are vanity onion domains a good idea?

Jeff Burdges burdges at gnunet.org
Tue Oct 27 09:26:03 PDT 2015


On Mon, 2015-10-26 at 20:55 -0400, micah wrote:
> I actually had written a section in the original draft of the Onion S
> ervices Best Practices document[0] something about avoiding vanity on
> ions, specifically this is what I drafted:

If you're vanity .onion begins with a common word, like say face or
silk, then there is some small risk that someone has already spent the
CPU time trying to produce some, so a malicious party might obtain that
existing work.  

I think beyond that you'd need an actual study to say anything
concrete.  It might depend upon the audience somewhat too, like people
off the street are easy prey, but people used to observing key material
do better.  


Are you aware of the previous discussion of key poems on this list?
https://moderncrypto.org/mail-archive/messaging/2014/000125.html

At CCC, George and I discussed the idea of using key poems for
visualizing .onion urls.  And he started a discussion about on the tor
-dev list :
https://lists.torproject.org/pipermail/tor-dev/2015-August/009302.html
https://lists.torproject.org/pipermail/tor-dev/2015-August/thread.html#
9302

I think the important point is : If we only want the person to
recognize sites they've visited before, then we can salt the derivation
of the key poem or whatever, thereby making look-alike attacks hard.  

Jeff

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part
URL: <http://moderncrypto.org/mail-archive/messaging/attachments/20151027/3134e56b/attachment.sig>


More information about the Messaging mailing list